Article
Rethinking FS-ISAC: An IT Security Information Sharing Model for the Financial Services Sector
Communications of the Association for Information Systems
(2014)
Abstract
This study examines a critical incentive alignment issue facing FS-ISAC (the information sharing alliance in the financial services industry). Failure to encourage members to share their IT security-related information has seriously undermined the founding rationale of FS-ISAC. Our analysis shows that many information sharing alliances’ membership policies are plagued with the incentive misalignment issue and may result in a “free-riding” or “no information sharing” equilibrium. To address this issue, we propose a new information sharing membership policy that incorporates an insurance option and show that the proposed policy can align members’ incentives and lead to a socially optimal outcome. Moreover, when a transfer payment mechanism is implemented, all member firms will be better off joining the insurance network. These results are demonstrated in a simulation in which IT security breach losses are compared both with and without participating in the proposed information sharing insurance plan.
Keywords
- Rethinking,
- FS-ISAC,
- IT security,
- Information sharing model,
- Financial services sector
Disciplines
Publication Date
2014
Citation Information
Charles Zhechao Liu, Humayun Zafar and Yoris A. Au. "Rethinking FS-ISAC: An IT Security Information Sharing Model for the Financial Services Sector" Communications of the Association for Information Systems Vol. 34 Iss. 1 (2014) Available at: http://works.bepress.com/humayun_zafar/24/