Exploitation of auctions for outsourcing security-critical projects

Miltiadis Kandias, Alexios Mylonas, Marianthi Theoharidou, Dimitris Gritzalis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)


ICT outsourcing may introduce several risks. This paper attempts to mitigate this problem by applying an auctioning scheme. By adopting the scheme, the involved organization selects one or more potential outsourced service providers via an auction similar to the FCC spectrum ones. The project is divided in sub-projects, bidders are pre-evaluated, in terms of security and each bid is assessed in terms of cost and appropriate security metrics. The bidding process continues according to the auction rules allocating all the sub-projects to the best bidders. The ultimate goal is to achieve upgraded security, while keeping the cost at a reasonable level and meeting adequate security requirements. In this direction our model provokes competition and motivates providers to place superior bids, in terms of security, while providing flexibility to the organization. The auction process is demonstrated through a case study, where the outsourcer is a critical infrastructure organization.

Original languageEnglish
Title of host publication16th IEEE Symposium on Computers and Communications, ISCC'11
Number of pages6
Publication statusPublished - 2011
Event16th IEEE Symposium on Computers and Communications, ISCC'11 - Corfu, Greece
Duration: 28 Jun 20111 Jul 2011

Publication series

NameProceedings - IEEE Symposium on Computers and Communications
ISSN (Print)1530-1346


Conference16th IEEE Symposium on Computers and Communications, ISCC'11


  • Auction
  • IT Security
  • Outsourcing
  • Security-Critical


Dive into the research topics of 'Exploitation of auctions for outsourcing security-critical projects'. Together they form a unique fingerprint.

Cite this