Advanced search
Publication Cover
Journal of Management Information Systems Volume 29, 2012 - Issue 3
Journal homepage
552
Views
34
CrossRef citations to date
0
Altmetric
Original Article

Information Security Outsourcing with System Interdependency and Mandatory Security Requirement

Kai-Lung Hui Department of Information Systems, Business Statistics, and Operations Management, Hong Kong University of Science and Technology
,
Wendy Hui Hong Kong University of Science and Technology
&
Wei T. Yue Department of Information Systems, City University of Hong Kong
Pages 117-156 | Published online: 09 Dec 2014
 
Sample our Information Science journals, sign in here to start your FREE access for 14 days

Abstract

The rapid growth of computer networks has led to a proliferation of information security standards. To meet these security standards, some organizations outsource security protection to a managed security service provider (MSSP). However, this may give rise to system interdependency risks. This paper analyzes how such system interdependency risks interact with a mandatory security requirement to affect the equilibrium behaviors of an MSSP and its clients. We show that a mandatory security requirement will increase the MSSP's effort and motivate it to serve more clients. Although more clients can benefit from the MSSP's protection, they are also subjected to greater system interdependency risks. Social welfare will decrease if the mandatory security requirement is high, and imposing verifiability may exacerbate social welfare losses. Our results imply that recent initiatives such as issuing certification to enforce computer security protection, or encouraging auditing of managed security services, may not be advisable.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related Research Data

Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments
Source: Springer Science and Business Media LLC
Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements
Source: Informa UK Limited
Estimating the Contextual Risk of Data Breach: An Empirical Approach
Source: Informa UK Limited

Linking provided by 

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.