Information Security Outsourcing with System Interdependency and Mandatory Security Requirement
The rapid growth of computer networks has led to proliferation of information security standards. To meet these security standards, some organizations outsource security protection to a managed security service provider (MSSP). However, this may give rise to system interdependency risks. This paper...
| Main Authors: | , , |
|---|---|
| Format: | Journal Article |
| Published: |
ME Sharpe, Inc.
2013
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/20.500.11937/31445 |
| _version_ | 1848753382737575936 |
|---|---|
| author | Hui, K. Hui, Wendy Yue, W. |
| author_facet | Hui, K. Hui, Wendy Yue, W. |
| author_sort | Hui, K. |
| building | Curtin Institutional Repository |
| collection | Online Access |
| description | The rapid growth of computer networks has led to proliferation of information security standards. To meet these security standards, some organizations outsource security protection to a managed security service provider (MSSP). However, this may give rise to system interdependency risks. This paper analyzes how such system interdependency risks interact with a mandatory security requirement to affect the equilibrium behaviors of an MSSP and its clients. We show that a mandatory security requirement will increase the MSSP’s effort and motivate it to serve more clients. Although more clients can benefit from the MSSP’s protection, they are also subjected to greater system interdependency risks. Social welfare will decrease if the mandatory security requirement is high and imposing verifiability may exacerbate social welfare losses. Our results imply that recent initiatives such as issuing certification to enforce computer security protection, or encouraging auditing of managed security services, may not be advisable. |
| first_indexed | 2025-11-14T08:23:38Z |
| format | Journal Article |
| id | curtin-20.500.11937-31445 |
| institution | Curtin University Malaysia |
| institution_category | Local University |
| last_indexed | 2025-11-14T08:23:38Z |
| publishDate | 2013 |
| publisher | ME Sharpe, Inc. |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | curtin-20.500.11937-314452017-09-13T15:20:30Z Information Security Outsourcing with System Interdependency and Mandatory Security Requirement Hui, K. Hui, Wendy Yue, W. information security outsourcing security compliance mandatory security requirement information security interdependency risks The rapid growth of computer networks has led to proliferation of information security standards. To meet these security standards, some organizations outsource security protection to a managed security service provider (MSSP). However, this may give rise to system interdependency risks. This paper analyzes how such system interdependency risks interact with a mandatory security requirement to affect the equilibrium behaviors of an MSSP and its clients. We show that a mandatory security requirement will increase the MSSP’s effort and motivate it to serve more clients. Although more clients can benefit from the MSSP’s protection, they are also subjected to greater system interdependency risks. Social welfare will decrease if the mandatory security requirement is high and imposing verifiability may exacerbate social welfare losses. Our results imply that recent initiatives such as issuing certification to enforce computer security protection, or encouraging auditing of managed security services, may not be advisable. 2013 Journal Article http://hdl.handle.net/20.500.11937/31445 10.2753/MIS0742-1222290304 ME Sharpe, Inc. restricted |
| spellingShingle | information security outsourcing security compliance mandatory security requirement information security interdependency risks Hui, K. Hui, Wendy Yue, W. Information Security Outsourcing with System Interdependency and Mandatory Security Requirement |
| title | Information Security Outsourcing with System Interdependency and Mandatory Security Requirement |
| title_full | Information Security Outsourcing with System Interdependency and Mandatory Security Requirement |
| title_fullStr | Information Security Outsourcing with System Interdependency and Mandatory Security Requirement |
| title_full_unstemmed | Information Security Outsourcing with System Interdependency and Mandatory Security Requirement |
| title_short | Information Security Outsourcing with System Interdependency and Mandatory Security Requirement |
| title_sort | information security outsourcing with system interdependency and mandatory security requirement |
| topic | information security outsourcing security compliance mandatory security requirement information security interdependency risks |
| url | http://hdl.handle.net/20.500.11937/31445 |