Bilateral liability-based contracts in information security outsourcing

Bilateral liability-based contracts in information security outsourcing

We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to...

Full description

Saved in:
Bibliographic Details
Main Authors: HUI, Kai-Lung, KE, Ping Fan, YAO, Yuxi, YUE, Wei Thoo
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
managed security service
liability-based contracts
negligence
auditing error
limited liability
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/4885
https://ink.library.smu.edu.sg/context/sis_research/article/5888/viewcontent/Bilateral___AV.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5888
record_format dspace
spelling sg-smu-ink.sis_research-58882020-02-13T08:27:34Z Bilateral liability-based contracts in information security outsourcing HUI, Kai-Lung KE, Ping Fan YAO, Yuxi YUE, Wei Thoo We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications. 2019-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4885 info:doi/10.1287/isre.2018.0806 https://ink.library.smu.edu.sg/context/sis_research/article/5888/viewcontent/Bilateral___AV.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University managed security service liability-based contracts negligence auditing error limited liability Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic managed security service
liability-based contracts
negligence
auditing error
limited liability
Information Security
spellingShingle managed security service
liability-based contracts
negligence
auditing error
limited liability
Information Security
HUI, Kai-Lung
KE, Ping Fan
YAO, Yuxi
YUE, Wei Thoo
Bilateral liability-based contracts in information security outsourcing
description We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.
format text
author HUI, Kai-Lung
KE, Ping Fan
YAO, Yuxi
YUE, Wei Thoo
author_facet HUI, Kai-Lung
KE, Ping Fan
YAO, Yuxi
YUE, Wei Thoo
author_sort HUI, Kai-Lung
title Bilateral liability-based contracts in information security outsourcing
title_short Bilateral liability-based contracts in information security outsourcing
title_full Bilateral liability-based contracts in information security outsourcing
title_fullStr Bilateral liability-based contracts in information security outsourcing
title_full_unstemmed Bilateral liability-based contracts in information security outsourcing
title_sort bilateral liability-based contracts in information security outsourcing
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/4885
https://ink.library.smu.edu.sg/context/sis_research/article/5888/viewcontent/Bilateral___AV.pdf
_version_ 1770575085403373568

Similar Items