Skip to main content

Information Security as a Credence Good

  • Conference paper
Financial Cryptography and Data Security (FC 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7862))

Included in the following conference series:

Abstract

With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients’ vulnerabilities. Such an incentive to mis-represent clients’ risks is often called the credence goods problem in the economics literature[3]. Although different mechanisms have been introduced to tackle the credence goods problem, in the information security outsourcing context, such mechanisms may not work well with the presence of system interdependency risks[6], which are introduced by inter-connecting multiple clients’ systems by the MSSP. In particular, we find that allowing clients to seek alternative diagnosis of their vulnerabilities may not remove the MSSP’s fraudulent behaviors. We shall explore alternative ways to solve the credence goods problem in the information security outsourcing context.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Akerlof, G.A.: The market for “lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics 84(3), 488–500 (1970)

    Article  Google Scholar 

  2. Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)

    Article  Google Scholar 

  3. Dulleck, U., Kerschbamer, R.: On doctors, mechanics, and computer specialists: The economics of credence goods. Journal of Economic Literature 44(1), 5–42 (2006)

    Article  Google Scholar 

  4. Emons, W.: Credence goods and fraudulent experts. The Rand Journal of Economics 28(1), 107–119 (1997)

    Article  Google Scholar 

  5. Fong, Y.: When do experts cheat and whom do they target? RAND Journal of Economics 36(1), 113–130 (2005)

    MathSciNet  Google Scholar 

  6. Kunreuther, H., Heal, G.: Interdependent security. Journal of Risk and Uncertainty 26(2), 231–249 (2003)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ke, P.F., Hui, KL., Yue, W.T. (2013). Information Security as a Credence Good. In: Adams, A.A., Brenner, M., Smith, M. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7862. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41320-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41320-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41319-3

  • Online ISBN: 978-3-642-41320-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics