Contracting Information Security in the Presence of Double Moral Hazard

References

• Allen J, Gabbard D, May C. Outsourcing managed security services. (2003) . Whitepaper, Carnegie Mellon Software Engineering Institute. Available at http://www.cert.org/archive/pdf/omss.pdfGoogle Scholar
• Al-Najjar N. Incentive contracts in two-sided moral hazards with multiple agents. J. Econom. Theory (1997) 74(1):174–195Crossref, Google Scholar
• Anderson R, Moore T. The economics of information security. Science (2006) 314(27):610–613Crossref, Google Scholar
• Arce I. The weakest link revisited. IEEE Security and Privacy (2003) 1(2):72–76Crossref, Google Scholar
• Balachandran KR, Radhakrishnan S. Quality implications of warranties in a supply chain. Management Sci. (2005) 51(8):1266–1277Link, Google Scholar
• Bastide K. Health care reform presents challenges for Howard Regional Health system. Indiana Economic Digest (2011) April 15). Available at http://www.indianaeconomicdigest.net/main.asp?SectionID=31&SubSectionID=135&ArticleID=59429Google Scholar
• Bhattacharyya S, Lafontaine F. Double-sided hazard and the nature of share contracts. RAND J. Econom. (1995) 26(4):761–781Crossref, Google Scholar
• Cezar A. Essays on information security and risk management. (2009) . Ph.D. Dissertation, The University of Texas at DallasGoogle Scholar
• Cezar A, Cavusoglu H, Raghunathan S. Outsourcing information security: Contracting issues and security implications. Ninth Workshop on Economics of Information Security (2010) WEIS 2010Cambridge, MAGoogle Scholar
• Chalos P, Sung J. Outsourcing decisions and managerial incentives. Decision Sci. (1998) 29(4):901–919Crossref, Google Scholar
• Cooper R, Ross TW. Product warranties and double moral hazard. RAND J. Econom. (1985) 16(1):103–113Crossref, Google Scholar
• Corbett CJ, DeCroix GA, Ha AY. Optimal shared-savings contracts in supply chains: Linear contracts and double moral hazard. Eur. J. Oper. Res. (2005) 163(3):653–667Crossref, Google Scholar
• Crothall Healthcare. Patient Satisfaction News (Jan. 13). (2011) . Available at http://media.crothall.com/global/news/2011-01_Patient_Satisfaction_News.pdfGoogle Scholar
• Dey D, Fan M, Zhang C. Design and analysis of contracts for software outsourcing. Inform. Systems Res. (2010) 21(1):93–114Link, Google Scholar
• Ding W, Yurcik W. Outsourcing Internet security: The effect of transaction costs on managed service providers. Internat. Conf. Telecommunication Systems, Modeling Anal. (2005) Dallas, TX:17–20Google Scholar
• Ding W, Yurcik W. Economics of Internet security outsourcing: Simulation results based on the Schneider model. Fifth Workshop on the Economics of Securing the Information Infrastructure (2006) WEIS 2006Washington, DC:1–22Google Scholar
• Ding W, Yrucik W, Yin X. Outsourcing Internet security: Economic analysis of incentives for managed security service providers. First Internat. Workshop on Internet and Network Econom. (2005) Hong Kong, China:947–958Crossref, Google Scholar
• Fenn C, Shooter R, Allan K. IT security outsourcing: How safe is your IT security? Comput. Law and Security Rep. (2002) 18(2):109–111Crossref, Google Scholar
• Fudenberg D, Tirole J. Game Theory (1998) (The MIT Press, Cambridge, MA) Google Scholar
• Gal-Or E, Ghose A. The economic incentives for sharing security information. Inform. Systems Res. (2005) 16(2):186–208Link, Google Scholar
• George R. Security to go: Is it time to shop MSSPs? InformationWeek (2008) November 1). Available at http://www.informationweek.com/news/showArticle.jhtml?articleID=211800247Google Scholar
• Goo J. Structure of service level agreements (SLA) in IT outsourcing: The construct and measurement. Inform. Systems Frontiers (2010) 12(2):185–205Crossref, Google Scholar
• Gordon LA, Loeb MP. The economics of information security investment. ACM Trans. Inform. System Security (2002) 5(4):438–457Crossref, Google Scholar
• Granger S. Social Engineering Fundamentals, Part 1: Hacker Tactics. (2001) . SecurityFocus (December 18), http://www.securityfocus.com/infocus/1527Google Scholar
• Gupta S, Romano RE. Monitoring the principal with multiple agents. RAND J. Econom. (1998) 29(2):427–442Crossref, Google Scholar
• Hayes F. Frankly speaking: Business partners are a prime attack vector. Computerworld (2008) June 23). http://www.computerworld.com/s/article/320953/Attack_VectorGoogle Scholar
• Jayanth R, Jacob VS, Radhakrishnan S. Vendor and client interaction for requirement assessment in software development: Implications for feedback process. Inform. Systems Res. (2010) 22(2):289–305Link, Google Scholar
• Kim SK, Wang S. Linear contracts and the double moral-hazard. J. Econom. Theory (1998) 82(2):342–378Crossref, Google Scholar
• Liu Z, Squillante MS, Wolf JL. On maximizing service-level-agreement profits. Proc. 3rd ACM Conf. Electronic Commerce (2001) New York, NY:213–223Crossref, Google Scholar
• Mayne M. Outsourcing made easy. (2008) . SC Magazine (December 1) 26. Available at http://www.scmagazineuk.com/outsourcing-made-easy/article/121804/Google Scholar
• Richmond W, Seidmann A, Whinston A. Incomplete contracting issues in information systems development outsourcing. Decision Support Systems (1992) 8(5):459–477Crossref, Google Scholar
• Rothke B, Mundhenk D. Sue the Auditor and Shut Down the Firm (July 9). (2009) . Available at http://www.csoonline.com/article/496923/Sue_the_Auditor_and_Shut_Down_the_FirmGoogle Scholar
• Rowe B. Will outsourcing IT security lead to a higher social level of security? Sixth Workshop on Economics of Information Security (2007) WEIS 2007Pittsburgh, PAGoogle Scholar
• Schneier B. The case for outsourcing security. Computer (2002) 35(4):20–26Crossref, Google Scholar
• Sen S, Raghu TS, Vinze A. Demand heterogeneity in IT infrastructure services: Modeling and evaluation of a dynamic approach to defining service levels. Inform. Systems Res. (2009) 20(2):258–276Link, Google Scholar
• Straub DW, Welke RJ. Coping with systems risk: Security planning models for management decision making. MIS Quart. (1998) 22(4):441–469Crossref, Google Scholar
• Vanauken J. Hired guns. Network Comput. (2006) August 3):39–50Google Scholar
• Varian HR. Managing online security risks. NewYork Times (2000) June 1). http://people.ischool.berkeley.edu/~hal/people/hal/NYTimes/2000-06-01.htmlGoogle Scholar
• Varian HR, Sadeh. System reliability and free riding. Fifth Internat. Conf. Electronic Commerce (2003) (ACM, New York) 355–366Google Scholar
• Wang ET, Barron T, Seidmann A. Contracting structures for custom software development: The impacts of informational rents and uncertainty on internal development and outsourcing. Management Sci. (1997) 43(12):1726–1744Link, Google Scholar
• Whang S. Contracting for software development. Management Sci. (1992) 38(3):307–324Link, Google Scholar
• Wood-Buhlman N, Matthes N. The time to prepare for value-based purchasing is now. (2011) . Whitepaper, Press Ganey. Available at http://www.pressganey.com/Documents_secure/White%20Papers/VBP_TimeToPrepareIsNow.pdf?viewFileGoogle Scholar
• Zetter K. In Legal First, Data-Breach Suit Targets Auditor, Wired (June 2). (2009) . Available at http://www.wired.com/threatlevel/2009/06/auditor_sued/Google Scholar
• Zwiener M. Overview of CMS Proposal for Value Based Purchasing. (2011) . Available at http://www.nrcpicker.com/Events/Conferences/Documents/Forms/AllItems.aspxGoogle Scholar