EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Managing Security Outsourcing in the Presence of Strategic Hackers

Yong Wu (), Junlin Duan (), Tao Dai () and Dong Cheng ()
Additional contact information
Yong Wu: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China
Junlin Duan: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China
Tao Dai: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China
Dong Cheng: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China

Decision Analysis, 2020, vol. 17, issue 3, 235-259

Abstract: Nowadays, firms tend to outsource security operations to professional managed security service providers (MSSPs) as a result of the sophistication of strategic hackers. Thus, how an MSSP makes security decisions according to a strategic hacker’s action is worth researching. Constructing a contract theory model, this paper examines the interaction between an MSSP and a strategic hacker based on both parties’ characteristics. We find that the hacker will give up less valuable information assets, and thus not all information assets are worth protecting for the MSSP. For both parties, their optimal efforts do not necessarily increase with their respective efficiency, and the firm’s reputation loss has an opposite effect on its respective efforts. Moreover, we distinguish two types of security externalities including MSSP-side externality and hacker-side externality, and we find that the two types of security externalities have different effects on both parties’ optimal efforts and expected payoffs. We also find that as a result of the trade-off between the integration effect of the MSSP and the effect of MSSP-side externality, firms are still willing to outsource their security operations to the MSSP even when an MSSP devotes fewer security efforts than those of firms that manage security in-house. Last, we extend our base model from two aspects to generalize the main results.

Keywords: strategic hacker; managed security service; decision analysis; security externality (search for similar items in EconPapers)
Date: 2020
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (3)

Downloads: (external link)
https://doi.org/10.1287/deca.2019.0406 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:inm:ordeca:v:17:y:2020:i:3:p:235-259

Access Statistics for this article

More articles in Decision Analysis from INFORMS Contact information at EDIRC.
Bibliographic data for series maintained by Chris Asher ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:inm:ordeca:v:17:y:2020:i:3:p:235-259