Show simple item record

dc.contributor.authorCezar, Asunuren_US
dc.contributor.authorCavusoglu, Huseyinen_US
dc.contributor.authorRaghunathan, Srinivasanen_US
dc.date.accessioned2014-07-09T16:04:55Z
dc.date.available2014-07-09T16:04:55Z
dc.date.created2014-03-01en_US
dc.identifier.issn0025-1909en_US
dc.identifier.urihttp://hdl.handle.net/10735.1/3645
dc.description.abstractA unique challenge in information security outsourcing is that neither the outsourcing firm nor the managed security service provider (MSSP) perfectly observes the outcome, the occurrence of a security breach, of prevention effort. Detection of security breaches often requires specialized effort. The current practice is to outsource both prevention and detection to the same MSSP. Some security experts have advocated outsourcing prevention and detection to different MSSPs. We show that the former outsourcing contract leads to a significant disincentive to provide detection effort. The latter contract alleviates this problem but introduces misalignment of incentives between the firm and the MSSPs and eliminates the advantages offered by complementarity between prevention and detection functions, which may lead to a worse outcome than the current contract. We propose a new contract that is superior to these two on various dimensions.en_US
dc.language.isoenen_US
dc.publisherINFORMSen_US
dc.relation.urihttp://dx.doi.org/10.1287/mnsc.2013.1763en_US
dc.rights©2014 INFORMSen_US
dc.subjectOutsourcingen_US
dc.subjectInformation securityen_US
dc.subjectInformation services--Security measuresen_US
dc.subjectContracting outen_US
dc.subjectManaged security service providersen_US
dc.subjectIT security servicesen_US
dc.subjectIncentive contractsen_US
dc.titleOutsourcing Information Security: Contracting Issues and Security Implicationsen_US
dc.typetexten_US
dc.type.genrearticleen_US
dc.identifier.bibliographicCitationCezar, Asunur, Huseyin Cavusoglu, and Srinivasan Raghunathan. 2014. "Outsourcing Information Security: Contracting Issues and Security Implications." Management Science 60(3): 638-657.en_US
dc.source.journalManagement Scienceen_US
dc.identifier.volume60en_US
dc.identifier.issue3en_US
dc.identifier.startpage638en_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record