Skip to main content
Book cover

International Conference on Financial Cryptography and Data Security

FC 2013: Financial Cryptography and Data Security pp 83–93Cite as

Information Security as a Credence Good

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7862)

Abstract

With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients’ vulnerabilities. Such an incentive to mis-represent clients’ risks is often called the credence goods problem in the economics literature[3]. Although different mechanisms have been introduced to tackle the credence goods problem, in the information security outsourcing context, such mechanisms may not work well with the presence of system interdependency risks[6], which are introduced by inter-connecting multiple clients’ systems by the MSSP. In particular, we find that allowing clients to seek alternative diagnosis of their vulnerabilities may not remove the MSSP’s fraudulent behaviors. We shall explore alternative ways to solve the credence goods problem in the information security outsourcing context.

Keywords

  • Information security outsourcing
  • credence good
  • interdependency risks

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-41320-9_6
  • Chapter length: 11 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   39.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-41320-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   54.99
Price excludes VAT (USA)
Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Akerlof, G.A.: The market for “lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics 84(3), 488–500 (1970)

    CrossRef  Google Scholar 

  2. Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)

    CrossRef  Google Scholar 

  3. Dulleck, U., Kerschbamer, R.: On doctors, mechanics, and computer specialists: The economics of credence goods. Journal of Economic Literature 44(1), 5–42 (2006)

    CrossRef  Google Scholar 

  4. Emons, W.: Credence goods and fraudulent experts. The Rand Journal of Economics 28(1), 107–119 (1997)

    CrossRef  Google Scholar 

  5. Fong, Y.: When do experts cheat and whom do they target? RAND Journal of Economics 36(1), 113–130 (2005)

    MathSciNet  Google Scholar 

  6. Kunreuther, H., Heal, G.: Interdependent security. Journal of Risk and Uncertainty 26(2), 231–249 (2003)

    CrossRef  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Hong Kong University of Science and Technology, Hong Kong

    Ping Fan Ke & Kai-Lung Hui

  2. City University of Hong Kong, Hong Kong

    Wei T. Yue

Authors
  1. Ping Fan Ke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kai-Lung Hui
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wei T. Yue
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centre for Business Information Ethics, Meiji University, Kanda Surugadai 1-1, 101-8301, Tokyo, Japan

    Andrew A. Adams

  2. Distributed Computing and Security Group, Leibniz Universität Hannover, Schloßwender Straße 5, 30159, Hanover, Germany

    Michael Brenner & Matthew Smith & 

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ke, P.F., Hui, KL., Yue, W.T. (2013). Information Security as a Credence Good. In: Adams, A.A., Brenner, M., Smith, M. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7862. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41320-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41320-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41319-3

  • Online ISBN: 978-3-642-41320-9

  • eBook Packages: Computer ScienceComputer Science (R0)