Abstract
Day by day, the provision of information technology goods and services becomes noticeably more expensive. This is mainly due to the high labor cost borne by service providers, who must cover a vast variety of application domains while at the same time improving and/or enhancing the services they offer in line with the requirements set by the competition. A business model that could ease the problem is the development and/or provision of the service by an external contractor on behalf of the service provider, known as Information Technology Outsourcing. However, outsourcing a service may have the side effect of transferring personal and/or sensitive data from the outsourcing company to the external contractor. The outsourcing company therefore faces the risk of a contractor who does not adequately protect the data, resulting in its non-deliberate disclosure or modification, or of a contractor who acts maliciously in the sense that it causes a security incident in order to profit from it. Whatever the case, the outsourcing company remains legally responsible for the misuse of personal data and/or the violation of an individual's privacy. In this paper we demonstrate how companies adopting the outsourcing model can protect the personal data and privacy of their customers through an insurance contract. Moreover, a probabilistic model for optimising the insurance contract, in terms of the premium and compensation amounts, is presented.
Gritzalis, S., Yannacopoulos, A.N., Lambrinoudakis, C. et al. A probabilistic model for optimal insurance contracts against security risks and privacy violation in IT outsourcing environments. Int. J. Inf. Secur. 6, 197–211 (2007). https://doi.org/10.1007/s10207-006-0010-x