An economic mechanism to manage operational security risks for inter-organizational information systems

UNCG Author/Contributor (non-UNCG co-authors, if there are any, appear on document)
Xia Zhao, Associate Professor (Creator)
Institution
The University of North Carolina at Greensboro (UNCG)
Web Site: http://library.uncg.edu/

Abstract: As organizations increasingly deploy Inter-organizational Information Systems (IOS), the interdependent security risk they add is a problem affecting market efficiency. Connected organizations become part of entire networks, and are subject to threats from the entire network; but members’ security profile information is private, and members lack incentives to minimize impact on peers and are not accountable. We model the problem as a signaling-screening game, and outline an incentive mechanism that addresses these problems. Our mechanism proposes formation of secure communities of organizations anchored by a Security Compliance Consortium (SCC), with members held accountable to the community for security failures. We study the interconnection decisions with and without the mechanism, and characterize conditions where the mechanism plays roles of addressing moral hazard and hidden information issues by screening the organizations’ security types and/or by providing them incentives to improve. We also discuss the welfare gains and the broad impact of the mechanism.

Additional Information

Publication
Information Systems Frontiers
Language: English
Date: 2014
Keywords
Inter-organizational information systems, Information security, Risk management, Economics of information systems, Economic mechanisms
