Bilateral Liability-Based Contracts in Information Security Outsourcing

Type:
Article
Authors:
Hui, Kai-Lung; Ke, Ping Fan; Yao, Yuxi; Yue, Wei T.
Affiliations:
Hong Kong University of Science & Technology; Western University (University of Western Ontario); City University of Hong Kong
Journal:
INFORMATION SYSTEMS RESEARCH
ISSN/ISBN:
1047-7047
DOI:
10.1287/isre.2018.0806
Publication date:
2019
Pages:
411-429
Keywords:
Moral hazard SOFTWARE-DEVELOPMENT services warranties incentives client
Abstract:
We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.
Source URL: