Information Security as a Credence Good
نویسندگان
چکیده
With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients’ vulnerabilities. Such an incentive to mis-represent clients’ risks is often called the credence goods problem in the economics literature[3]. Although different mechanisms have been introduced to tackle the credence goods problem, in the information security outsourcing context, such mechanisms may not work well with the presence of system interdependency risks[6], which are introduced by inter-connecting multiple clients’ systems by the MSSP. In particular, we find that allowing clients to seek alternative diagnosis of their vulnerabilities may not remove the MSSP’s fraudulent behaviors. We shall explore alternative ways to solve the credence goods problem in the information security outsourcing context.
منابع مشابه
Credence Goods and Fraudulent Experts
This paper is about a market for credence goods. With a credence good consumers are never sure about the extent of the good they actually need. Therefore, sellers act as experts determining the customers’ requirements. This information asymmetry between buyers and sellers obviously creates strong incentives for sellers to cheat on services. We analyze whether the market mechanism may induce non...
متن کاملLending credence: motivation, trust, and organic certification
The information asymmetries inherent in credence goods have typically led economists to conclude these markets require well-defined quality standards and third-party verification that producers are meeting those standards. Nonetheless, many producers of credence goods appear to be opting out of certification. Why? This paper builds in previous research and develops a theoretical framework to th...
متن کاملThe hidden costs of tax evasion.: Collaborative tax evasion in markets for expert services
In markets where transactions are governed by contractual incompleteness, revealed intentions to evade taxes may affect market performance. We experimentally examine the impact of tax evasion attempts on the performance of credence goods markets, where contractual incompleteness results from asymmetric information on the welfare maximizing quality of the good. We find that tax evasion attempts ...
متن کاملPrice competition and reputation in credence goods markets: Experimental evidence∗ Preliminary
Experts have better information about the appropriate quality of treatment or surplus from trade than their customers. Providing both diagnosis and treatment, this leaves scope for fraud. In a credence good set-up, we experimentally investigate how intensity of price competition and the level of customer information about past expert behavior in uence an expert's incentive to defraud his custom...
متن کاملSecure Routing Protocol: Affection on MANETs Performance
In mobile ad hoc networks, the absence ofinfrastructure and the consequent absence of authorizationfacilities impede the usual practice of establishing a practicalcriterion to distinguishing nodes as trusted and distrusted.Since all nodes in the MANETs would be used as router inmulti-hop applications, secure routing protocols have vital rulein the security of the network. So evaluating the perf...
متن کامل