Information security as a credence good
Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
Original language | English |
---|---|
Title of host publication | Financial Cryptography and Data Security |
Subtitle of host publication | FC 2013 Workshops, USEC and WAHC 2013, Revised Selected Papers |
Publisher | Springer Verlag |
Pages | 83-93 |
Volume | 7862 LNCS |
ISBN (print) | 9783642413193 |
Publication status | Published - 2013 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 7862 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (electronic) | 1611-3349 |
Conference
Title | 16th International Conference on Financial Cryptography and Data Security, FC 2013 |
---|---|
Place | Japan |
City | Okinawa |
Period | 1 April 2013 |
Link(s)
Abstract
With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients' vulnerabilities. Such an incentive to mis-represent clients' risks is often called the credence goods problem in the economics literature[3]. Although different mechanisms have been introduced to tackle the credence goods problem, in the information security outsourcing context, such mechanisms may not work well with the presence of system interdependency risks [6], which are introduced by inter-connecting multiple clients' systems by the MSSP. In particular, we find that allowing clients to seek alternative diagnosis of their vulnerabilities may not remove the MSSP's fraudulent behaviors. We shall explore alternative ways to solve the credence goods problem in the information security outsourcing context. © International Financial Cryptography Association 2013.
Research Area(s)
- Credence good, Information security outsourcing, Interdependency risks
Citation Format(s)
Information security as a credence good. / Ke, Ping Fan; Hui, Kai-Lung; Yue, Wei T.
Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Revised Selected Papers. Vol. 7862 LNCS Springer Verlag, 2013. p. 83-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7862 LNCS).
Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Revised Selected Papers. Vol. 7862 LNCS Springer Verlag, 2013. p. 83-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7862 LNCS).
Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review