The issue of trust and risk in outsourced relationships was extended beyond traditional outsourcing models with the introduction of Application Service Providers (ASPs). As ASPs evolve, Managed Security Service Providers (MSSPs) have emerged as external providers of security for firms facing increasing information assurance threats. This research-in-progress paper develops a conceptual model of...

Key management plays fundamental role in research on security service in wireless sensor networks (WSNs). However, due to the resource constraints, establishing pairwise keys in WSNs is not a trivial tasks. Several exiting key management schemes have been proposed in literature to establish pairwise keys between sensor nodes, but they either can not offer strong resilience against node capture ...

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of non-repudiation protocols for multiple entities. We extend an existing multi-party non-repudiation (MPNR) protocol to allow an originator to send different messages to many recipients in a single transaction. We further propose an ...

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of multi-party non-repudiation protocols, and analyze the previous work where one originator is able to send the same message to many recipients. We propose a new multi-party non-repudiation protocol for sending different messages to ...

Email plays an important role in the digital economy but is threatened by increasingly sophisticated cybercrimes. A number of security services have been developed, including an email authentication service designed to cope with email threats. It remains unknown how users perceive and evaluate these security services and consequently form their adoption intention. Drawing on the Technology Acce...

With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients’ vulnerabilitie...

End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of informati...

On information security outsourcing market, an important reason that firms do not want to let outside firms(usually called MSSPs-Managed Security Service Providers) to take care of their security need is that they worry about service quality MSSPs provide because they cannot monitor effort of the MSSPs. Since MSSPs action is unobservable to buyers, MSSPs can lower cost by working less hard than...

The emergence of internetworked systems enables corporations and government agencies to share information in an unprecedented fashion. The sharing of information expands the traditional enterprise boundary to even include dynamically established virtual enterprises. The internetworking of systems introduces significant security challenges and requirements for a new enterprise security assessmen...

The interdependency of information security risks poses a significant challenge for firms to manage security. Firms may overor under-invest in security because security investments generate network externalities. In this paper, we explore how firms can use three risk management approaches, third-party cyberinsurance, managed security service (MSS) and risk pooling arrangement (RPA), to address ...