Exploitation of auctions for outsourcing security-critical projects

Miltiadis Kandias, Alexios Mylonas, Marianthi Theoharidou, Dimitris Gritzalis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

ICT outsourcing may introduce several risks. This paper attempts to mitigate this problem by applying an auctioning scheme. By adopting the scheme, the involved organization selects one or more potential outsourced service providers via an auction similar to the FCC spectrum ones. The project is divided in sub-projects, bidders are pre-evaluated, in terms of security and each bid is assessed in terms of cost and appropriate security metrics. The bidding process continues according to the auction rules allocating all the sub-projects to the best bidders. The ultimate goal is to achieve upgraded security, while keeping the cost at a reasonable level and meeting adequate security requirements. In this direction our model provokes competition and motivates providers to place superior bids, in terms of security, while providing flexibility to the organization. The auction process is demonstrated through a case study, where the outsourcer is a critical infrastructure organization.

Original languageEnglish
Title of host publication16th IEEE Symposium on Computers and Communications, ISCC'11
Pages646-651
Number of pages6
DOIs
Publication statusPublished - 2011
Event16th IEEE Symposium on Computers and Communications, ISCC'11 - Corfu, Greece
Duration: 28 Jun 20111 Jul 2011

Publication series

NameProceedings - IEEE Symposium on Computers and Communications
ISSN (Print)1530-1346

Conference

Conference16th IEEE Symposium on Computers and Communications, ISCC'11
Country/TerritoryGreece
CityCorfu
Period28/06/111/07/11

Keywords

  • Auction
  • IT Security
  • Outsourcing
  • Security-Critical

Fingerprint

Dive into the research topics of 'Exploitation of auctions for outsourcing security-critical projects'. Together they form a unique fingerprint.

Cite this