Help
Cart
Skip main navigation

Available Issues

December 4, 2012 - March 5, 2026

Available Issues

December 4, 2012 - March 5, 2026

Managing Security Outsourcing in the Presence of Strategic Hackers

Published Online:18 Mar 2020https://doi.org/10.1287/deca.2019.0406

References

  • Anderson R, Moore T (2006) The economics of information security. Science 314(5799):610–613.CrossrefGoogle Scholar
  • Cavusoglu H, Raghunathan S (2004) Configuration of detection software: A comparison of decision and game theory approaches. Decision Anal. 1(3):131–148.LinkGoogle Scholar
  • Cavusoglu H, Raghunathan S, Cavusoglu H (2009) Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Inform. Systems Res. 20(2):198–217.LinkGoogle Scholar
  • Cavusoglu H, Raghunathan S, Yue WT (2008) Decision-theoretic and game-theoretic approaches to IT security investment. J. Management Inform. Systems 25(2):281–304.CrossrefGoogle Scholar
  • Cavusoglu H, Kwark Y, Mai B, Raghunathan S (2013) Passenger profiling and screening for aviation security in the presence of strategic attackers. Decision Anal. 10(1):63–81.LinkGoogle Scholar
  • Cezar A, Cavusoglu H, Raghunathan S (2014) Outsourcing information security: Contracting issues and security implications. Management Sci. 60(3):638–657.LinkGoogle Scholar
  • Cezar A, Cavusoglu H, Raghunathan S (2017) Sourcing information security operations: The role of risk interdependency and competitive externality in outsourcing decisions. Production Oper. Management 26(5):860–879.CrossrefGoogle Scholar
  • Cremonini M, Nizovtsev D (2009) Risks and benefits of signaling information system characteristics to strategic attackers. J. Management Inform. Systems 26(3):241–274.CrossrefGoogle Scholar
  • Dey D, Lahiri A, Zhang GY (2012) Hacker behavior, network effects, and the security software market. J. Management Inform. Systems 29(2):77–108.CrossrefGoogle Scholar
  • Fudenberg D, Tirole J (1991) Game Theory (MIT Press, Cambridge, MA).Google Scholar
  • Gal-Or E, Ghose A (2005) The economic incentives for sharing security information. Inform. Systems Res. 16(2):186–208.LinkGoogle Scholar
  • Gao X, Zhong W (2015) Information security investment for competitive firms with hacker behavior and security requirements. Ann. Oper. Res. 235(1):277–300.CrossrefGoogle Scholar
  • Gao X, Zhong W, Mei S (2013) Information security investment when hackers disseminate knowledge. Decision Anal. 10(4):352–368.LinkGoogle Scholar
  • Gedam S (2019) Managed security services market 2019. Wise Awareness (March 4), https://wiseawareness.com/managed-security-services-market-2019-current-growth-overview-by-verizon-symantec-dell-ericsson-fortinet-avaya-centurylink-bt-group-intel-trustwave-hpe-security-data-security-at-t/.Google Scholar
  • Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans. Inform. System Security 5(4):438–457.CrossrefGoogle Scholar
  • Huang CD, Hu Q, Behara RS (2008) An economic analysis of the optimal information security investment in the case of a risk-averse firm. Internat. J. Production Econom. 114(2):793–804.CrossrefGoogle Scholar
  • Hui KL, Hui W, Yue WT (2012) Information security outsourcing with system interdependency and mandatory security requirement. J. Management Inform. Systems 29(3):117–155.CrossrefGoogle Scholar
  • Lee CH, Geng XJ, Raghunathan S (2013) Contracting information security in the presence of double moral hazard. Inform. Systems Res. 24(2):295–311.LinkGoogle Scholar
  • Mookerjee V, Mookerjee R, Bensoussan A, Yue WT (2011) When hackers talk: Managing information security under variable attack rates and knowledge dissemination. Inform. Systems Res. 22(3):606–623.LinkGoogle Scholar
  • Png IP, Wang Q (2009) Information security: Facilitating user precautions vis-à-vis enforcement against attackers. J. Management Inform. Systems 26(2):97–121.CrossrefGoogle Scholar
  • Qian X, Liu X, Pei J, Pardalos PM (2018) A new game of information sharing and security investment between two allied firms. Internat. J. Production Res. 56(12):4069–4086.CrossrefGoogle Scholar
  • Qian X, Liu X, Pei J, Pardalos PM, Liu L (2017) A game-theoretic analysis of information security investment for multiple firms in a network. J. Oper. Res. Soc. 68(10):1290–1305.CrossrefGoogle Scholar
  • Temizkan O, Park S, Saydam C (2017) Software diversity for improved network security: Optimal distribution of software-based shared vulnerabilities. Inform. Systems Res. 28(4):828–849.LinkGoogle Scholar
  • Wu Y, Feng G, Fung RYK (2018) Comparison of information security decisions under different security and business environments. J. Oper. Res. Soc. 69(5):747–761.CrossrefGoogle Scholar
  • Wu Y, Feng G, Wang N, Liang H (2015) Game of information security investment: Impact of attack types and network vulnerability. Expert Systems Appl. 42(15–16):6132–6146.CrossrefGoogle Scholar
  • Wu Y, Fung RYK, Feng G, Wang N (2017) Decisions making in information security outsourcing: Impact of complementary and substitutable firms. Comput. Indust. Engrg. 110(August):1–12.CrossrefGoogle Scholar
  • Zhao X, Xue L, Whinston AB (2013) Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. J. Management Inform. Systems 30(1):123–152.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree