Abstract
With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients’ vulnerabilities. Such an incentive to mis-represent clients’ risks is often called the credence goods problem in the economics literature[3]. Although different mechanisms have been introduced to tackle the credence goods problem, in the information security outsourcing context, such mechanisms may not work well with the presence of system interdependency risks[6], which are introduced by inter-connecting multiple clients’ systems by the MSSP. In particular, we find that allowing clients to seek alternative diagnosis of their vulnerabilities may not remove the MSSP’s fraudulent behaviors. We shall explore alternative ways to solve the credence goods problem in the information security outsourcing context.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Akerlof, G.A.: The market for “lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics 84(3), 488–500 (1970)
Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)
Dulleck, U., Kerschbamer, R.: On doctors, mechanics, and computer specialists: The economics of credence goods. Journal of Economic Literature 44(1), 5–42 (2006)
Emons, W.: Credence goods and fraudulent experts. The Rand Journal of Economics 28(1), 107–119 (1997)
Fong, Y.: When do experts cheat and whom do they target? RAND Journal of Economics 36(1), 113–130 (2005)
Kunreuther, H., Heal, G.: Interdependent security. Journal of Risk and Uncertainty 26(2), 231–249 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ke, P.F., Hui, KL., Yue, W.T. (2013). Information Security as a Credence Good. In: Adams, A.A., Brenner, M., Smith, M. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7862. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41320-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-41320-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41319-3
Online ISBN: 978-3-642-41320-9
eBook Packages: Computer ScienceComputer Science (R0)