Competition, Speculative Risks, and IT Security Outsourcing

2009-06-25
Cezar, Asunur
Cavusoglu, Huseyin
Raghunathan, Srinivasan
Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand

Citation Formats
A. Cezar, H. Cavusoglu, and S. Raghunathan, “Competition, Speculative Risks, and IT Security Outsourcing,” 2009, p. 301, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/67295.