Rethinking FS-ISAC: An IT security information sharing network model for the financial services sector

Charles Z. Liu, Humayun Zafar, Yoris A. Au

Research output: Contribution to journal › Article › peer-review

22 Scopus citations

Abstract

This study examines a critical incentive alignment issue facing FS-ISAC (the information sharing alliance in the financial services industry). Failure to encourage members to share their IT security-related information has seriously undermined the founding rationale of FS-ISAC. Our analysis shows that many information sharing alliances' membership policies are plagued with the incentive misalignment issue and may result in a "free-riding" or "no information sharing" equilibrium. To address this issue, we propose a new information sharing membership policy that incorporates an insurance option and show that the proposed policy can align members' incentives and lead to a socially optimal outcome. Moreover, when a transfer payment mechanism is implemented, all member firms will be better off joining the insurance network. These results are demonstrated in a simulation in which IT security breach losses are compared both with and without participating in the proposed information sharing insurance plan.

Original language: English
Article number: 2
Pages (from-to): 15-36
Number of pages: 22
Journal: Communications of the Association for Information Systems
Volume: 34
Issue number: 1
State: Published - 2014

Keywords

  • Economic theory
  • Game theory
  • Information sharing
  • Organization
  • Security
  • Simulation
