TY - GEN
T1 - Exploitation of auctions for outsourcing security-critical projects
AU - Kandias, Miltiadis
AU - Mylonas, Alexios
AU - Theoharidou, Marianthi
AU - Gritzalis, Dimitris
PY - 2011
Y1 - 2011
N2 - ICT outsourcing may introduce several risks. This paper attempts to mitigate this problem by applying an auctioning scheme. By adopting the scheme, the involved organization selects one or more potential outsourced service providers via an auction similar to the FCC spectrum ones. The project is divided in sub-projects, bidders are pre-evaluated, in terms of security and each bid is assessed in terms of cost and appropriate security metrics. The bidding process continues according to the auction rules allocating all the sub-projects to the best bidders. The ultimate goal is to achieve upgraded security, while keeping the cost at a reasonable level and meeting adequate security requirements. In this direction our model provokes competition and motivates providers to place superior bids, in terms of security, while providing flexibility to the organization. The auction process is demonstrated through a case study, where the outsourcer is a critical infrastructure organization.
AB - ICT outsourcing may introduce several risks. This paper attempts to mitigate this problem by applying an auctioning scheme. By adopting the scheme, the involved organization selects one or more potential outsourced service providers via an auction similar to the FCC spectrum ones. The project is divided in sub-projects, bidders are pre-evaluated, in terms of security and each bid is assessed in terms of cost and appropriate security metrics. The bidding process continues according to the auction rules allocating all the sub-projects to the best bidders. The ultimate goal is to achieve upgraded security, while keeping the cost at a reasonable level and meeting adequate security requirements. In this direction our model provokes competition and motivates providers to place superior bids, in terms of security, while providing flexibility to the organization. The auction process is demonstrated through a case study, where the outsourcer is a critical infrastructure organization.
KW - Auction
KW - IT Security
KW - Outsourcing
KW - Security-Critical
UR - http://www.scopus.com/inward/record.url?scp=80052770275&partnerID=8YFLogxK
U2 - 10.1109/ISCC.2011.5983912
DO - 10.1109/ISCC.2011.5983912
M3 - Conference contribution
AN - SCOPUS:80052770275
SN - 9781457706783
T3 - Proceedings - IEEE Symposium on Computers and Communications
SP - 646
EP - 651
BT - 16th IEEE Symposium on Computers and Communications, ISCC'11
T2 - 16th IEEE Symposium on Computers and Communications, ISCC'11
Y2 - 28 June 2011 through 1 July 2011
ER -