Abstract

To manage information security efficiently, firms typically outsource the security of part of their business (core or non-core) to a managed security service provider (MSSP). A firm can adopt one of four security strategies: all business is managed in-house (IN Strategy), all business is outsourced to the MSSP (OA Strategy), the core business is outsourced and the non-core business is managed in-house (OC Strategy), or the core business is managed in-house and the non-core business is outsourced (ONC Strategy). We consider the impact of security externality on the firm’s partial outsourcing strategies and find that if the firm wants a higher security quality for the core business, it is better to manage the core business itself in an environment where the security externality is negative and the security loss ratio between core and non-core business is low. In addition, the security externality has different effects on both parties’ security decisions under the OC and ONC strategies. Moreover, we show that the firm will adopt a partial outsourcing strategy only under a very high security externality when the security loss ratio is high, and that the OC strategy is always the worst strategy when the MSSP’s cost coefficient is low. Finally, we extend the main model to an asymmetric case to make our model more general.
