Outsourcing Information Security: Contracting Issues and Security Implications

Simple item page
dc.contributor.author Cezar, Asunur
dc.contributor.author Çavuşoğlu, Hüseyin
dc.contributor.author Raghunathan, Şrinivaşan
dc.date.accessioned 2019-07-10T14:40:09Z
dc.date.available 2019-07-10T14:40:09Z
dc.date.issued 2014-03
dc.description.abstract A unique challenge in information security outsourcing is that neither the outsourcing firm nor the managed security service provider (MSSP) perfectly observes the outcome, the occurrence of a security breach, of prevention effort. Detection of security breaches often requires specialized effort. The current practice is to outsource both prevention and detection to the same MSSP. Some security experts have advocated outsourcing prevention and detection to different MSSPs. We show that the former outsourcing contract leads to a significant disincentive to provide detection effort. The latter contract alleviates this problem but introduces misalignment of incentives between the firm and the MSSPs and eliminates the advantages offered by complementarity between prevention and detection functions, which may lead to a worse outcome than the current contract. We propose a new contract that is superior to these two on various dimensions. en_US
dc.identifier.citation Cezar, A., Cavusoglu, H., & Raghunathan, S. (2013). Outsourcing information security: Contracting issues and security implications. Management Science, 60(3), 638-657. en_US
dc.identifier.doi 10.1287/mnsc.2013.1763
dc.identifier.issn 0025-1909
dc.identifier.issn 1526-5501
dc.identifier.scopus 2-s2.0-84897080478
dc.identifier.uri https://doi.org/10.1287/mnsc.2013.1763
dc.identifier.uri https://hdl.handle.net/20.500.11851/1884
dc.language.iso en en_US
dc.publisher INFORMS Inst.for Operations Res.and the Management Sciences en_US
dc.relation.ispartof Management Science en_US
dc.rights info:eu-repo/semantics/closedAccess en_US
dc.subject Industry en_US
dc.subject Security of data en_US
dc.title Outsourcing Information Security: Contracting Issues and Security Implications en_US
dc.type Article en_US
dspace.entity.type Publication
gdc.author.institutional Cezar, Asunur
gdc.author.scopusid 34871459700
gdc.author.scopusid 24484220300
gdc.bip.impulseclass C4
gdc.bip.influenceclass C4
gdc.bip.popularityclass C4
gdc.description.department Faculties, Faculty of Economics and Administrative Sciences, Department of Management en_US
gdc.description.department Fakülteler, İktisadi ve İdari Bilimler Fakültesi, İşletme Bölümü en_US
gdc.description.endpage 657 en_US
gdc.description.issue 3 en_US
gdc.description.publicationcategory Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı en_US
gdc.description.scopusquality Q1
gdc.description.startpage 638 en_US
gdc.description.volume 60 en_US
gdc.description.wosquality Q1
gdc.identifier.openalex W2087821301
gdc.identifier.wos WOS:000332839000006
gdc.oaire.diamondjournal false
gdc.oaire.impulse 16.0
gdc.oaire.influence 6.199182E-9
gdc.oaire.isgreen false
gdc.oaire.keywords Security of data
gdc.oaire.keywords Industry
gdc.oaire.popularity 2.4137497E-8
gdc.oaire.publicfunded false
gdc.oaire.sciencefields 0502 economics and business
gdc.oaire.sciencefields 05 social sciences
gdc.openalex.fwci 7.00619912
gdc.openalex.normalizedpercentile 0.97
gdc.openalex.toppercent TOP 10%
gdc.opencitations.count 57
gdc.plumx.crossrefcites 48
gdc.plumx.mendeley 126
gdc.plumx.scopuscites 71
gdc.scopus.citedcount 71
gdc.wos.citedcount 54
relation.isOrgUnitOfPublication 80088808-d92c-4251-ad3e-435c98e0ac85
relation.isOrgUnitOfPublication.latestForDiscovery 80088808-d92c-4251-ad3e-435c98e0ac85

Files

Collections

İşletme Bölümü / Department of Business Administration
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection