Conference: International conference on information systems; ICIS 2009

Managing Interdependent Information Security Risks: A Study of Cyberinsurance, Managed Security Service and Risk Pooling


Abstract

The interdependency of information security risks poses a significant challenge for firms to manage security. Firms may over- or under-invest in security because security investments generate network externalities. In this paper, we explore how firms can use three risk management approaches, third-party cyberinsurance, managed security service (MSS) and risk pooling arrangement (RPA), to address the issue of investment inefficiency. We show that compared with cyberinsurance, MSS is more effective in mitigating the security investment inefficiency because the MSS provider (MSSP) serving multiple firms can endogenize the externalities of security investments. However, the investment externalities may discourage a for-profit MSSP from serving all firms even on a monopoly market. We then show that firms can use RPA as a complement to cyberinsurance to address risk interdependency for all firms. However, the adoption of RPA is incentive-compatible for firms only when the security investments generate negative externalities.