
dc.contributor.author: Hui, K.
dc.contributor.author: Hui, Wendy
dc.contributor.author: Yue, W.
dc.date.accessioned: 2017-01-30T13:25:29Z
dc.date.available: 2017-01-30T13:25:29Z
dc.date.created: 2013-07-31T20:00:19Z
dc.date.issued: 2013
dc.identifier.citation: Hui, Kai-Lung and Hui, Wendy and Yue, Wei T. 2013. Information Security Outsourcing with System Interdependency and Mandatory Security Requirement. Journal of Management Information Systems. 29 (3): pp. 117-156.
dc.identifier.uri: http://hdl.handle.net/20.500.11937/31445
dc.identifier.doi: 10.2753/MIS0742-1222290304
dc.description.abstract:

The rapid growth of computer networks has led to proliferation of information security standards. To meet these security standards, some organizations outsource security protection to a managed security service provider (MSSP). However, this may give rise to system interdependency risks. This paper analyzes how such system interdependency risks interact with a mandatory security requirement to affect the equilibrium behaviors of an MSSP and its clients. We show that a mandatory security requirement will increase the MSSP’s effort and motivate it to serve more clients. Although more clients can benefit from the MSSP’s protection, they are also subjected to greater system interdependency risks. Social welfare will decrease if the mandatory security requirement is high and imposing verifiability may exacerbate social welfare losses. Our results imply that recent initiatives such as issuing certification to enforce computer security protection, or encouraging auditing of managed security services, may not be advisable.

dc.publisher: ME Sharpe, Inc.
dc.subject: information security outsourcing
dc.subject: security compliance
dc.subject: mandatory security requirement
dc.subject: information security
dc.subject: interdependency risks
dc.title: Information Security Outsourcing with System Interdependency and Mandatory Security Requirement
dc.type: Journal Article
dcterms.source.volume: 29
dcterms.source.number: 3
dcterms.source.startPage: 117
dcterms.source.endPage: 156
dcterms.source.issn: 0742-1222
dcterms.source.title: Journal of Management Information Systems
curtin.department:
curtin.accessStatus: Fulltext not available

