Bilateral Liability-Based Contracts in Information Security Outsourcing

Hui, Kai Lung; Ke, Ping Fan; Yao, Yuxi; Yue, Wei Thoo

doi:10.1287/isre.2018.0806

Cited by 28 publications

(9 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many studies have been proposed to address privacy protection, and there is a wide range of research and tools available for exploration in this field. Hui et al (2019) conducted a study on managed security services and examined the effectiveness of bilateral liability-based contracts using a game model. They found that the designed contract can achieve optimal outcomes when post-breach effort verification is feasible.…”

Section: Information Securitymentioning

confidence: 99%

Internet of Things Network Security Improvement Investment: The Role of Platform and Smart Device Manufacturer

Li,

Zhang

2023

Preprint

View full text Add to dashboard Cite

This study aims to address the network security investment problem in an IoT environment by developing a game-theoretical model. We examine the impact of IoT service level and customer characteristics on the incentives for both the IoT platform and the manufacturer to invest in security, as well as the platform's profitability. Through analytical analysis, we obtain several noteworthy findings. Firstly, we find that a higher IoT platform service level corresponds to a higher security responsibility. As a result, the platform needs to carefully consider the costs and benefits associated with security investment and service provision. Additionally, our research demonstrates that both the platform and the manufacturer's efforts to enhance security do not diminish, even when faced with increasing customer losses due to security breaches. Furthermore, our study reveals the influence of the unit security cost and the size of highly sensitive customers on the security efforts undertaken by both the IoT platform and the smart device manufacturer. These results have important practical implications for firms operating within an IoT-based supply chain. Specifically, our findings can provide valuable decision-making guidance for enterprises seeking digital transformation and making informed choices regarding platform operations.

show abstract

Section: Information Securitymentioning

confidence: 99%

Internet of Things Network Security Improvement Investment: The Role of Platform and Smart Device Manufacturer

Li,

Zhang

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Zhang et al (2021) analyze whether two firms outsource to the common or different MSSPs. Lee et al (2013), Hui et al (2019), and Wu, Giri, et al (2021) develop different contract structures to decrease double moral hazard in information security outsourcing. Cezar et al (2017) discuss two competitive firms' decisions to outsource security operation with interdependent risks, in which both the MSSP's and the hacker's strategic behavior fails to be characterized.…”

Section: Literature Reviewmentioning

confidence: 99%

An economic analysis of information security outsourcing with competitive firms

Gao

Gong

2022

Manage Decis Econ

View full text Add to dashboard Cite

Nowadays, firms may outsource information security operation to a managed security service provider (MSSP). Constructing a game‐theoretic model, this paper examines the strategic interaction between a MSSP and a strategic hacker in the presence of two competitive firms. We find that the MSSP's equilibrium benefit increases with the firms' loss due to user inconvenience and competition intensity when they remain high. It shows that technology similarity may benefit or harm the MSSP, dependent on its investment efficiency. Interestingly, we reveal that the hacker's benefit first decreases and then increases with technology similarity when its learning ability remains moderate.

show abstract

“…The third topic of interest revolves around cost, liability and security negligence. This includes research on the influence of customer restitution on customer outcomes post data breach (Goode et al, 2017), the efficiency of bilateral liability-based contracts in managed security services (MSSs) (Hui et al, 2019) and the importance of cloud service certifications as indicators of a cloud provider's future service quality (Lansing et al, 2019). Post-breach reputation management (Gwebu et al, 2018;Syed, 2019) also falls into the topic of interest, as reputation loss is an important cost to a company when recovering from a data breach.…”

Section: Published Topics Of Interestmentioning

confidence: 99%

“…This includes research on the influence of customer restitution on customer outcomes post data breach (Goode et al. , 2017), the efficiency of bilateral liability-based contracts in managed security services (MSSs) (Hui et al. , 2019) and the importance of cloud service certifications as indicators of a cloud provider's future service quality (Lansing et al.…”

Section: Published Topics Of Interestmentioning

confidence: 99%

A closer look at organizational cybersecurity research trending topics and limitations

Johnston

2022

OCJ

View full text Add to dashboard Cite

PurposeIn identifying both the topics of interest and key limitations of the extant organizational security research, both opportunities for future research as well as some underlying challenges for conducting this research may be revealed.Design/methodology/approachTo identify the leading organizational cybersecurity research topics of interest and their key limitations, the author conducted a topic modeling analysis of the organizational level studies published in the Association for Information Systems (AIS) senior scholars' “basket of eight journals” (Association for Information Systems, 2022) over the past five years.FindingsLeading topics include (1) organizational security research concerns governance and strategic level decision-making and their role in shaping organizational security successes and failures, (2) cybercriminals and organizations' ability to monitor and detect them from both within and outside the firm; (3) cost, liability and security negligence, (4) organizations' innovation dispositions for security products and services and (5) organizational breach response efficacy; while key limitations of this study include the following: (1) scholars' ability to propose and assess strategic and operational level threat response recommendations, (2) their understanding how influence is formed and maintained among employees and groups and (3) their measurement instruments and models.Originality/valueOrganizations remained plagued by an ever-emerging set of threats to the security of their digital and informational assets. New threats are regularly discovered and remedies to existing threats are continually proven ineffective against these new threats. Providing an orientation to the current research on organizational security can help advance their security efforts.

show abstract

Bilateral Liability-Based Contracts in Information Security Outsourcing

Cited by 28 publications

References 39 publications

Internet of Things Network Security Improvement Investment: The Role of Platform and Smart Device Manufacturer

Internet of Things Network Security Improvement Investment: The Role of Platform and Smart Device Manufacturer

An economic analysis of information security outsourcing with competitive firms

A closer look at organizational cybersecurity research trending topics and limitations

Contact Info

Product

Resources

About