检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
出 处:《系统工程理论与实践》2016年第2期392-399,共8页Systems Engineering-Theory & Practice
基 金:国家自然科学基金(71071033)~~
摘 要:研究了信息安全外包背景下委托公司如何通过激励措施来协调管理安全服务提供商(MSSP)的努力水平从而有效地控制信息安全风险的问题.基于前人的研究和委托代理理论,提出了三种契约模型,即一般惩罚契约、部分外包契约和奖励-惩罚契约.然后对不同外包模式的均衡结果分别讨论并进行全面比较.研究结果表明,部分外包契约优于一般惩罚契约,但只有奖励-惩罚契约能够诱导MSsP最优努力的同时也使委托公司获得最大的回报.结论对信息安全外包的契约设计和风险控制有一定的管理启示.This paper analyzes how an outsourcing firm develops effective incentive measures to coordinate efforts of managed security service provider(MSSP) in the information security outsourcing project in order to control the risk associated with information security.Based on previous researches and the principal-agency theory,three models of contractual arrangements are introduced,which include general penalty contract,partial outsourcing contract and reward-penalty contract.Then,the equilibrium results of different outsourcing contracts are discussed respectively and compared comprehensively.The results indicate that,partial outsourcing contract is superior to penalty contract.But only the reward-penalty contract is able to induce first-best efforts from MSSP,by which the outsourcing firm can enjoy the maximum payoff as well.The conclusion provides some managerial implications for the contract design and risk control in the information security outsourcing.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.223.125.111