IDEAS home Printed from https://ideas.repec.org/p/tsa/wpaper/0209is.html
   My bibliography  Save this paper

Rethinking Fs-Isac: An It Security Information Sharing Model For The Financial Services Sector

Author

Listed:
  • Charles Z. Liu

    (UTSA)

  • Humayun Zafar
  • Yoris A. Au

Abstract

This study examines a critical incentive alignment issue facing FS-ISAC (the information sharing alliance in the financial services industry). Failure to encourage members to share their IT security-related information has seriously undermined the founding rationale of FS-ISAC. Our analysis shows that many information sharing alliances’ membership policies are plagued with the incentive misalignment issue and may result in a “freeriding” or “no information sharing” equilibrium. To address this issue, we propose a new information sharing membership policy that incorporates an insurance option and show that the proposed policy can align members’ incentives and lead to a socially optimal outcome. Moreover, when a transfer payment mechanism is implemented, all member firms will be better off joining the insurance network. These results are demonstrated in a simulation in which IT security breach losses are compared both with and without participating in the proposed information sharing insurance plan.

Suggested Citation

  • Charles Z. Liu & Humayun Zafar & Yoris A. Au, 2013. "Rethinking Fs-Isac: An It Security Information Sharing Model For The Financial Services Sector," Working Papers 0209is, College of Business, University of Texas at San Antonio.
    • Handle: RePEc:tsa:wpaper:0209is
    as

    Download full text from publisher

    File URL: http://interim.business.utsa.edu/wps/is/0023IS-673-2013.pdf
    File Function: Full text
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Gal-Or, Esther, 1985. "Information Sharing in Oligopoly," Econometrica, Econometric Society, vol. 53(2), pages 329-343, March.
    2. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    3. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    4. Tomas Philipson & John Cawley, 1999. "An Empirical Examination of Information Barriers to Trade in Insurance," American Economic Review, American Economic Association, vol. 89(4), pages 827-846, September.
    5. Martin J. Osborne & Ariel Rubinstein, 1994. "A Course in Game Theory," MIT Press Books, The MIT Press, edition 1, volume 1, number 0262650401, April.
    6. Xavier Vives, 1990. "Trade Association Disclosure Rules, Incentives to Share Information, and Welfare," RAND Journal of Economics, The RAND Corporation, vol. 21(3), pages 409-430, Autumn.
    7. Carl Shapiro, 1986. "Exchange of Cost Information in Oligopoly," The Review of Economic Studies, Review of Economic Studies Ltd, vol. 53(3), pages 433-446.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    2. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    3. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    4. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    5. Yasuhiro Sakai, 2016. "Information Exchanges among Firms and Their Welfare Implications (Part 1) : The Dual Relations between the Cournot and Bertrand Models," Discussion Papers CRR Discussion Paper Series A: General 16, Shiga University, Faculty of Economics,Center for Risk Research.
    6. Lagerlof, Johan N.M., 2007. "Insisting on a non-negative price: Oligopoly, uncertainty, welfare, and multiple equilibria," International Journal of Industrial Organization, Elsevier, vol. 25(4), pages 861-875, August.
    7. Fan, Cuihong & Jun, Byoung Heon & Wolfstetter, Elmar G., 2016. "Optimal bid disclosure in patent license auctions under alternative modes of competition," International Journal of Industrial Organization, Elsevier, vol. 47(C), pages 1-32.
    8. Dmitry Sedov, 2023. "Almost-truthful interim-biased mediation enables information exchange between agents with misaligned interests," Review of Economic Design, Springer;Society for Economic Design, vol. 27(3), pages 505-546, September.
    9. Amir, Rabah & Jin, Jim Y. & Troege, Michael, 2010. "Robust results on the sharing of firm-specific information: Incentives and welfare effects," Journal of Mathematical Economics, Elsevier, vol. 46(5), pages 855-866, September.
    10. Duarte Brito & Pedro Pereira & João Vareda, 2016. "Can More Information About Rivals' Costs Decrease Welfare?," Manchester School, University of Manchester, vol. 84(2), pages 251-269, March.
    11. Jin, Jim Y., 1996. "A test for information sharing in Cournot oligopoly," Information Economics and Policy, Elsevier, vol. 8(1), pages 75-86, March.
    12. Yin, Xundong & Wang, Sophie Xuefei & Lu, Yuanzhu & Yan, Jianye, 2023. "Endogenous information acquisition and disclosure of private information in a duopoly," Economic Modelling, Elsevier, vol. 126(C).
    13. Bacchetta, Philippe & Espinosa, Maria Paz, 1995. "Information sharing and tax competition among governments," Journal of International Economics, Elsevier, vol. 39(1-2), pages 103-121, August.
    14. António Brandão & Joana Pinho, 2015. "Asymmetric Information And Exchange Of Information About Product Differentiation," Bulletin of Economic Research, Wiley Blackwell, vol. 67(2), pages 166-185, April.
    15. Medín, J. Andrés Faíña & Rodríguez, Jesús López & Rodríguez, José López, 2003. "Information Exchanges in Cournot Duopolies," Revista Brasileira de Economia - RBE, EPGE Brazilian School of Economics and Finance - FGV EPGE (Brazil), vol. 57(1), January.
    16. Malueg, David A. & Tsutsui, Shunichi O., 1998. "Distributional assumptions in the theory of oligopoly information exchange1," International Journal of Industrial Organization, Elsevier, vol. 16(6), pages 785-797, November.
    17. Myatt, David P. & Wallace, Chris, 2015. "Cournot competition and the social value of information," Journal of Economic Theory, Elsevier, vol. 158(PB), pages 466-506.
    18. Malueg, David A. & Tsutsui, Shunichi O., 1996. "Duopoly information exchange: The case of unknown slope," International Journal of Industrial Organization, Elsevier, vol. 14(1), pages 119-136.
    19. Liu, Qihong & Serfes, Konstantinos, 2006. "Customer information sharing among rival firms," European Economic Review, Elsevier, vol. 50(6), pages 1571-1600, August.
    20. Roy, Jaideep & Silvers, Randy & Sun, Ching-Jen, 2019. "Majoritarian preference, utilitarian welfare and public information in Cournot oligopoly," Games and Economic Behavior, Elsevier, vol. 116(C), pages 269-288.

    More about this item

    Keywords

    security; organization; information sharing; economic theory; game theory; simulation;
    All these keywords.

    JEL classification:

    • C70 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory - - - General
    • D53 - Microeconomics - - General Equilibrium and Disequilibrium - - - Financial Markets
    • D71 - Microeconomics - - Analysis of Collective Decision-Making - - - Social Choice; Clubs; Committees; Associations
    • D74 - Microeconomics - - Analysis of Collective Decision-Making - - - Conflict; Conflict Resolution; Alliances; Revolutions
    • G22 - Financial Economics - - Financial Institutions and Services - - - Insurance; Insurance Companies; Actuarial Studies

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:tsa:wpaper:0209is. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wendy Frost (email available below). General contact details of provider: https://edirc.repec.org/data/cbutsus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.