|Table of Contents|

[1] Xiong Qiang, Zhong Weijun, Mei Shue, et al. Incentive mechanism analysis of information security outsourcingbased on principal-agent model [J]. Journal of Southeast University (English Edition), 2014, 30 (1): 113-117. [doi:10.3969/j.issn.1003-7985.2014.01.021]
Copy

Incentive mechanism analysis of information security outsourcingbased on principal-agent model()
基于委托代理理论的信息安全外包激励机制分析
Share:

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:
30
Issue:
2014 1
Page:
113-117
Research Field:
Economy and Management
Publishing date:
2014-03-31

Info

Title:
Incentive mechanism analysis of information security outsourcingbased on principal-agent model
基于委托代理理论的信息安全外包激励机制分析
Author(s):
Xiong Qiang1 2 Zhong Weijun1 Mei Shu’e1
1School of Economics and Management, Southeast University, Nanjing 211189, China
2School of Management, Jiangsu University, Zhenjiang 212013, China
熊强1 2 仲伟俊1 梅姝娥1
1东南大学经济管理学院, 南京 211189; 2江苏大学管理学院, 镇江 212013
Keywords:
principal agent information security outsourcing incentive mechanism
委托代理 信息安全外包 激励机制
PACS:
F270
DOI:
10.3969/j.issn.1003-7985.2014.01.021
Abstract:
In order to solve principal-agent problems caused by interest inconformity and information asymmetry during information security outsourcing, it is necessary to design a reasonable incentive mechanism to promote client enterprises to complete outsourcing service actively. The incentive mechanism model of information security outsourcing is designed based on the principal-agent theory. Through analyzing the factors such as enterprise information assets value, invasion probability, information security environment, the agent cost coefficient and agency risk preference degree how to impact on the incentive mechanism, conclusions show that an enterprise information assets value and invasion probability have a positive influence on the fixed fee and the compensation coefficient; while information security environment, the agent cost coefficient and agency risk preference degree have a negative influence on the compensation coefficient. Therefore, the principal enterprises should reasonably design the fixed fee and the compensation coefficient to encourage information security outsourcing agency enterprises to the full extent.
为了解决企业信息安全外包过程中由于利益不一致和信息不对称产生的委托代理问题, 需要设计合理的激励机制来促使代理企业积极地完成外包服务.基于委托代理理论对信息安全外包激励机制进行建模, 分析信息资产价值、入侵概率、信息安全环境、代理人成本系数及代理人的风险偏好度等因素对激励机制的影响, 得出企业信息资产价值和入侵概率对固定酬金及补偿系数有着正向的影响, 而企业的信息安全环境、代理人成本系数以及代理的风险偏好度等因素均对补偿系数呈负向的影响.委托企业可以据此合理设定外包合约中的固定酬金及补偿系数, 以最大限度激励信息安全外包代理企业提升服务水平.

References:

[1] Schwartz M J. More firms outsourcing security to MSSPs[EB/OL].(2010)[2013-08-09]. http://www.informationweek.com/security/management/more-firms-outsourcing-security-to-mssps/225700537.
[2] Gordon L A, Loeb M P. The economics of information security investment[J]. ACM Transactions on Information and System Security, 2002, 5(4):438-457.
[3] Huang C D, Hu Q, Behara R S. An economic analysis of the optimal information security investment in the case of a risk-averse firm[J]. International Journal of Production Economics, 2008, 114(2): 793-804.
[4] Willcocks L P, Lacity M C, Kern T. Risk mitigation in IT outsourcing strategy revisited: longitudinal case research at LISA[J]. The Journal of Strategic Information Systems, 1999, 8(3): 285-314.
[5] Lee Jae-Nam, Miranda S M, Kim Yong-Mi. IT outsourcing strategies: universalistic, contingency, and configurational explanations of success[J]. Information Systems Research, 2004, 15(2): 110-131.
[6] Fenn C, Shooter R, Allan K. IT security outsourcing: how safe is your IT security?[J]. Computer Law & Security Review, 2002, 18(2): 109-111.
[7] Rowe B R. Will outsourcing IT security lead to a higher social level of security?[C]//Workshop on the Economics of Information Security(WEIS). Pittsburgh: Carnegie Mellon University, 2007: 1-37.
[8] Hui K, Hui W, Yue W T. Information security outsourcing with system interdependency and mandatory security requirement[J]. Journal of Management Information Systems, 2012, 29(3): 117-156.
[9] Koh C, Soon A, Straub D W. IT outsourcing success: a psychological contract perspective[J]. Information Systems Research, 2004, 15(4): 356-373.
[10] Reid T, Campbell K. IT outsourcing: success or disaster[J]. Canadian Underwriter, 2004, 71(10): 64-66.
[11] Lee C H, Geng X, Raghunathan S. Contracting information security in the presence of double moral hazard[J]. Information Systems Research, 2013, 24(2):295-311.
[12] Ding W, Yurcik W. Outsourcing internet security: the effect of transaction costs on managed service providers[C]//The International Conference on Telecommunication Systems—Modeling and Analysis. Dallas, TX, USA, 2005:17-20.

Memo

Memo:
Biographies: Xiong Qiang(1979—), male, graduate; Zhong Weijun(corresponding author), male, doctor, professor, zhongweijun@seu.edu.cn.
Foundation items: The National Natural Science Foundation of China(No.71071033), the Youth Foundation of Humanity and Social Science of Ministry of Education of China(No.11YJC630234).
Citation: Xiong Qiang, Zhong Weijun, Mei Shu’e.Incentive mechanism analysis of information security outsourcing based on principal-agent model.[J].Journal of Southeast University(English Edition), 2014, 30(1):113-117.[doi:10.3969/j.issn.1003-7985.2014.01.021]
Last Update: 2014-03-20