An economic mechanism to manage operational security risks for inter-organizational information systems |
| |
Authors: | Fang Fang, Manoj Parameswaran, Xia Zhao, Andrew B. Whinston |
| |
Affiliation: | 1. Department of ISOM, California State University at San Marcos, San Marcos, CA, 92096, USA; 2. Department of ISOM, University of Washington, Seattle, WA, 98195, USA; 3. Department of ISOM, University of North Carolina at Greensboro, Greensboro, NC, 27402, USA; 4. Department of IROM, University of Texas, Austin, TX, 78712, USA |
| |
Abstract: | As organizations increasingly deploy Inter-organizational Information Systems (IOS), the interdependent security risk they add is a problem affecting market efficiency. Connected organizations become part of entire networks, and are subject to threats from the entire network; but members’ security profile information is private, members lack incentives to minimize impact on peers and are not accountable. We model the problem as a signaling-screening game, and outline an incentive mechanism that addresses these problems. Our mechanism proposes formation of secure communities of organizations anchored by Security Compliance Consortium (SCC), with members held accountable to the community for security failures. We study the interconnection decisions with and without the mechanism, and characterize conditions where the mechanism plays roles of addressing moral hazard and hidden information issues by screening the organizations’ security types and/or by providing them incentives to improve. We also discuss the welfare gains and the broad impact of the mechanism. |
| |
Keywords: | |
This article has been indexed by SpringerLink and other databases! |
|