Printed from https://ideas.repec.org/a/spr/infosf/v16y2014i3d10.1007_s10796-012-9348-y.html

An economic mechanism to manage operational security risks for inter-organizational information systems

Authors

  • Fang Fang (California State University at San Marcos)
  • Manoj Parameswaran (University of Washington)
  • Xia Zhao (University of North Carolina at Greensboro)
  • Andrew B. Whinston (University of Texas)

Abstract

As organizations increasingly deploy Inter-organizational Information Systems (IOS), the interdependent security risk they add is a problem affecting market efficiency. Connected organizations become part of entire networks, and are subject to threats from the entire network; but members’ security profile information is private, members lack incentives to minimize impact on peers and are not accountable. We model the problem as a signaling-screening game, and outline an incentive mechanism that addresses these problems. Our mechanism proposes formation of secure communities of organizations anchored by Security Compliance Consortium (SCC), with members held accountable to the community for security failures. We study the interconnection decisions with and without the mechanism, and characterize conditions where the mechanism plays roles of addressing moral hazard and hidden information issues by screening the organizations’ security types and/or by providing them incentives to improve. We also discuss the welfare gains and the broad impact of the mechanism.

Suggested Citation

  • Fang Fang & Manoj Parameswaran & Xia Zhao & Andrew B. Whinston, 2014. "An economic mechanism to manage operational security risks for inter-organizational information systems," Information Systems Frontiers, Springer, vol. 16(3), pages 399-416, July.
  • Handle: RePEc:spr:infosf:v:16:y:2014:i:3:d:10.1007_s10796-012-9348-y
    DOI: 10.1007/s10796-012-9348-y

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-012-9348-y
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.


    References listed on IDEAS

    1. J. Yannis Bakos & Barrie R. Nault, 1997. "Ownership and Investment in Electronic Networks," Information Systems Research, INFORMS, vol. 8(4), pages 321-341, December.
    2. Lawrence A. Gordon & Martin P. Loeb, 2006. "Economic aspects of information security: An emerging field of research," Information Systems Frontiers, Springer, vol. 8(5), pages 335-337, December.
    3. Huseyin Cavusoglu & Birendra Mishra & Srinivasan Raghunathan, 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, INFORMS, vol. 16(1), pages 28-46, March.
    4. Kunreuther, Howard & Heal, Geoffrey, 2003. "Interdependent Security," Journal of Risk and Uncertainty, Springer, vol. 26(2-3), pages 231-249, March-May.
    5. Anitesh Barua & Byungtae Lee, 1997. "An Economic Analysis of the Introduction of an Electronic Data Interchange System," Information Systems Research, INFORMS, vol. 8(4), pages 398-422, December.
    6. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    7. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    8. Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
    9. Daniel S. Soper & Haluk Demirkan & Michael Goul, 2007. "An interorganizational knowledge-sharing security model with breach propagation detection," Information Systems Frontiers, Springer, vol. 9(5), pages 469-479, November.
    10. Eric T. G. Wang & Abraham Seidmann, 1995. "Electronic Data Interchange: Competitive Externalities and Strategic Implementation Policies," Management Science, INFORMS, vol. 41(3), pages 401-418, March.
    11. Johny Ghattas & Pnina Soffer, 2009. "Evaluation of inter-organizational business process solutions: A conceptual model-based approach," Information Systems Frontiers, Springer, vol. 11(3), pages 273-291, July.
    12. Muneesh Kumar & Mamta Sareen, 2009. "Trust and Technology in Inter-Organizational Business Relations," International Journal of Information Communication Technologies and Human Development (IJICTHD), IGI Global, vol. 1(4), pages 40-57, October.

    Citations


    Cited by:

    1. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    2. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    3. Mansooreh Ezhei & Behrouz Tork Ladani, 2020. "Interdependency Analysis in Security Investment against Strategic Attacks," Information Systems Frontiers, Springer, vol. 22(1), pages 187-201, February.
    4. Venugopal Gopalakrishna-Remani & Robert Paul Jones & Kerri M. Camp, 2019. "Levels of EMR Adoption in U.S. Hospitals: An Empirical Examination of Absorptive Capacity, Institutional Pressures, Top Management Beliefs, and Participation," Information Systems Frontiers, Springer, vol. 21(6), pages 1325-1344, December.
    5. Tridib Bandyopadhyay & Vijay Mookerjee, 2019. "A model to analyze the challenge of using cyber insurance," Information Systems Frontiers, Springer, vol. 21(2), pages 301-325, April.
    6. Tridib Bandyopadhyay & Vijay Mookerjee, 0. "A model to analyze the challenge of using cyber insurance," Information Systems Frontiers, Springer, vol. 0, pages 1-25.
    7. Shivam Gupta & Sachin Modgil & Choong-Ki Lee & Uthayasankar Sivarajah, 2023. "The future is yesterday: Use of AI-driven facial recognition to enhance value in the travel and tourism industry," Information Systems Frontiers, Springer, vol. 25(3), pages 1179-1195, June.
    8. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    2. Amitava Dutta & Rahul Roy, 2008. "Dynamics of organizational information security," System Dynamics Review, System Dynamics Society, vol. 24(3), pages 349-375, September.
    3. Byungjoon Yoo & Vidyanand Choudhary & Tridas Mukhopadhyay, 2007. "Electronic B2B Marketplaces with Different Ownership Structures," Management Science, INFORMS, vol. 53(6), pages 952-961, June.
    4. Derrick Huang, C. & Hu, Qing & Behara, Ravi S., 2008. "An economic analysis of the optimal information security investment in the case of a risk-averse firm," International Journal of Production Economics, Elsevier, vol. 114(2), pages 793-804, August.
    5. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.
    6. Rajiv D. Banker & Joakim Kalvenes & Raymond A. Patterson, 2006. "Research Note---Information Technology, Contract Completeness, and Buyer-Supplier Relationships," Information Systems Research, INFORMS, vol. 17(2), pages 180-193, June.
    7. Chulhwan Chris Bang, 2015. "Information systems frontiers: Keyword analysis and classification," Information Systems Frontiers, Springer, vol. 17(1), pages 217-237, February.
    8. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    9. Anna Nagurney & Ladimer Nagurney, 2015. "A game theory model of cybersecurity investments with information asymmetry," Netnomics, Springer, vol. 16(1), pages 127-148, August.
    10. Seyed Alireza Hasheminasab & Behrouz Tork Ladani, 2018. "Security Investment in Contagious Networks," Risk Analysis, John Wiley & Sons, vol. 38(8), pages 1559-1575, August.
    11. Bin Srinidhi & Jia Yan & Giri Kumar Tayi, 2008. "Firm-level Resource Allocation to Information Security in the Presence of Financial Distress," Working Papers 2008-17, School of Economic Sciences, Washington State University.
    12. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    13. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    14. Terrence August & Duy Dao & Marius Florin Niculescu, 2022. "Economics of Ransomware: Risk Interdependence and Large-Scale Attacks," Management Science, INFORMS, vol. 68(12), pages 8979-9002, December.
    15. Liao, Chun-Hsiung & Chen, Chun-Wei, 2014. "Network externality and incentive to invest in network security," Economic Modelling, Elsevier, vol. 36(C), pages 398-404.
    16. Kevin Zhu, 2004. "Information Transparency of Business-to-Business Electronic Markets: A Game-Theoretic Analysis," Management Science, INFORMS, vol. 50(5), pages 670-685, May.
    17. Paul Chwelos & Izak Benbasat & Albert S. Dexter, 2001. "Research Report: Empirical Test of an EDI Adoption Model," Information Systems Research, INFORMS, vol. 12(3), pages 304-321, September.
    18. Simon, Jay & Omar, Ayman, 2020. "Cybersecurity investments in the supply chain: Coordination and a strategic attacker," European Journal of Operational Research, Elsevier, vol. 282(1), pages 161-171.
    19. Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
    20. Sang Lee & Seong-bae Lim, 2007. "Factors influencing suppliers’ participation in private electronic markets," Service Business, Springer;Pan-Pacific Business Association, vol. 1(1), pages 41-62, March.
