Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements

Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements

The interdependency of information security risks often induces firms to invest inefficiently in information technology security management. Cyberinsurance has been proposed as a promising solution to help firms optimize security spending. However, cyberinsurance is ineffective in addressing the investment inefficiency caused by risk interdependency. In this paper, we examine two alternative ri...

Managing Interdependent Information Security Risks: A Study of Cyberinsurance, Managed Security Service and Risk Pooling

The interdependency of information security risks poses a significant challenge for firms to manage security. Firms may overor under-invest in security because security investments generate network externalities. In this paper, we explore how firms can use three risk management approaches, third-party cyberinsurance, managed security service (MSS) and risk pooling arrangement (RPA), to address ...

Managed Security Services (MSS) based on Provisioned Security Services (PSS)

The paper discusses the reality of Managed Security Services today and their drawbacks. It then moves on to propose a solution to the most burning problems. The solution, Provisioned Security Services, is based on the premise that providing a strong provisioning platform, which automates processes and integrates into providers’ networks, will allow large providers to become key players in the a...

Managing Web Services Security

The promising features of Web services also make them vulnerable to new types of security threats. Web service providers must assure their clients’ confidentiality, integrity and availability over a trusted relationship that may be asynchronous and that may involve multiple business partners. Despite the continued significance of the traditional approaches to securing content, transmission and ...

New Frontiers: Assessing and Managing Security Risks