Multilateral Contracts in Information Security Outsourcing

IRPN: Innovation & Human Resource Management (Topic) Pub Date : 2017-06-12 DOI:10.2139/ssrn.2985058

Ming Zhao, Jingguo Wang, Jie Zhang

{"title":"Multilateral Contracts in Information Security Outsourcing","authors":"Ming Zhao, Jingguo Wang, Jie Zhang","doi":"10.2139/ssrn.2985058","DOIUrl":null,"url":null,"abstract":"Coordinating the efforts of contractual parties in information security outsourcing is challenging given that a managed security service provider (MSSP) and its contractual partners cannot perfectly observe or verify each other's investment. This study examines the use of multilateral contracts in addressing the double moral hazard problem for managed security services. We present a comprehensive investigation of multilateral contracts, and analyze the influence of externalities and breach probabilities on contingent payments. The results show that a normalized externality, the ratio between a firm's externality and its investment efficiency, dictates the levels of contingent payments in multilateral contracts. We further demonstrate the flexibility of designing multilateral contracts, and discuss three contract types: the equal-refund contract, the externality contract, and the risk-free contract. Each contract type brings different benefits to the contractual parties and can be chosen based on their security management preferences. At last, we show how to extend these contract types when the number of firms increases.","PeriodicalId":432527,"journal":{"name":"IRPN: Innovation & Human Resource Management (Topic)","volume":"663 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IRPN: Innovation & Human Resource Management (Topic)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/ssrn.2985058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Coordinating the efforts of contractual parties in information security outsourcing is challenging given that a managed security service provider (MSSP) and its contractual partners cannot perfectly observe or verify each other's investment. This study examines the use of multilateral contracts in addressing the double moral hazard problem for managed security services. We present a comprehensive investigation of multilateral contracts, and analyze the influence of externalities and breach probabilities on contingent payments. The results show that a normalized externality, the ratio between a firm's externality and its investment efficiency, dictates the levels of contingent payments in multilateral contracts. We further demonstrate the flexibility of designing multilateral contracts, and discuss three contract types: the equal-refund contract, the externality contract, and the risk-free contract. Each contract type brings different benefits to the contractual parties and can be chosen based on their security management preferences. At last, we show how to extend these contract types when the number of firms increases.

查看原文本刊更多论文

信息安全外包中的多边合同

鉴于托管安全服务提供商(MSSP)及其合同合作伙伴无法完美地观察或验证彼此的投资，协调信息安全外包合同各方的努力具有挑战性。本研究考察了多边合同在解决管理安全服务的双重道德风险问题中的应用。我们对多边合同进行了全面调查，并分析了外部性和违约概率对或有支付的影响。结果表明，标准化的外部性，即企业外部性与其投资效率之间的比率，决定了多边合同中或有支付的水平。我们进一步论证了多边合同设计的灵活性，并讨论了三种合同类型:等额退款合同、外部性合同和无风险合同。每种合同类型为合同各方带来不同的利益，可以根据他们的安全管理偏好进行选择。最后，我们展示了当企业数量增加时，如何扩展这些契约类型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IRPN: Innovation & Human Resource Management (Topic)

自引率

0.00%

发文量