Security and Privacy in Outsourcing with Customer-Specified Risk Tolerance
EJETA Special, October 2006
32 Pages Posted: 2 Jul 2013 Last revised: 1 Sep 2022
Date Written: June 1, 2005
Outsourcing coupled with technology that enables data to reside anywhere has opened up new challenges to the protection of personal privacy. Privacy laws differ internationally as does the value different cultures place on personal privacy. Such differences have implications for government as well as businesses. The corporation must be aware of the security efforts of all its partners and consumers must be aware of the security of all service providers in the extended value chain, not just the business they are interacting with directly. In this paper we propose a method for controlling risks associated with spreading personal information across an extended value chain. In addition, this method accommodates customer-specified levels of risk tolerance. For businesses, the goal is to minimize the cost of securing data spread across vendors and international boundaries.
Keywords: Privacy, Security, Outsourcing, Mixed Integer Linear Programming
Suggested Citation: Suggested Citation