Growth and Sustainability of Managed Security Services Networks: An Economic Perspective




Alok Gupta
Dmitry Zhdanov
Department of Information and Decision Sciences
University of Minnesota
Minneapolis, MN 55455
(agupta, dzhdanov@com.umn.edu,)

Abstract

Managed Security Service Provider (MSSP) networks are a form of extended enterprise where several firms share resources such as diagnostics, prevention tools, and policies to provide security for their computer networks. While decision to outsource security operations of an organization may seem counterintuitive, there are potential benefits from joining a MSSP network due to pooling of risk and access to more security-enabling resources and expertise. We provide structural results that explain the reasons for firms to join a MSSP network. We also characterize the growth of MSSP network size under different forms of ownership (monopoly vs. consortium). Our results illustrate the need for initial investment in MSSP networks to overcome initial stalling effects and illustrate that while need for initial investment may increase the optimal network size for a consortium, it has no impact on the optimal network size for a profit maximizing monopolist.

KEYWORDS: Information security, Managed security services, Outsourcing, Network Effects, Network growth, Network ownership structure

1. Introduction

Emergence of complex and closely interconnected business-to-business relationships has made the security perimeter around a single firm's network disappear (McKenzie, 2003). It is being replaced by a network of protected business relationships. The major challenge in such environments becomes the identification of legitimate partners and potential intruders to protect computing resources and business data from unauthorized access. Enabling, but complex to manage, technologies such as web services further complicate provision of security to extended enterprise resources. Originally web services were envisioned as a lightweight solution to allow different applications to talk freely; however, it is becoming apparent that for web services to be successful, security issues need to be addressed (Welsh, 2003). Among technical developments on this front, there are initiatives to implement security for such tools as XML and SOAP, but the issue of who to offer web services to and who to exclude remains a largely non-technical problem.

To make matters more complicated, there are now many more technologies that allow making information transfer in and out of a company almost uncontrollable. Use of storage area networks, peer-to-peer communications and instant messaging provides broad opportunities for information transfer and significantly complicates determination of the security perimeter. Further, many such technologies are used in telecommuting and telework, which are projected to grow continuously as more enabling and collaborative technology evolves. For example, Starner (2003) reported that more than 80% of executives worldwide expect some of their workers to telecommute over the next two years.

Therefore, firms increasingly find that they are unable to manage security of their resources themselves. This has led to one of the most interesting emergent phenomena - the spillover of outsourcing into the area of information security. While counterintuitive, in 2002, 29% of all European enterprises intended to use managed security services (Computerwire, 2002). Outsourcing of security services is an interesting but perplexing phenomenon because firms are often ready to hand over the security of their precious digital assets to outsiders. Estimates report the current number of companies obtaining security from outside providers to be up to 30% and growing. A compound annual growth rate in the market of Managed Security Service Providers (MSSPs) is estimated to be at least 17-20% (Kavanagh 2002). The entire market is expected to grow from $140 million in 2000 to 1.2-1.7 billion in 2005-07 (Yasin 2001, Van Mien and Praveen 2003, Sturgeon 2004a). In addition, there is significant consolidation in the MSSP market, with the number of providers getting smaller while increasing their range of services (Phifer 2004).

The cost/benefit tradeoffs for MSSP arrangements are still not well understood. The risks of working with MSSPs include issues of trust, dependence on an outside entity for support of critical functions, and ownership of systems (Allen et al., 2003). However, as Allen and Gabbard (2003) point out, there are multiple benefits that individual firms can derive by using MSSPs:

- Cost savings: cost of managed security services is usually lower than hiring in-house full-time experts. MSSPs are able to spread their investment in infrastructure and people across several clients.
- Staffing: shortage of qualified security personnel (a trend that is expected to continue through at least 2006) puts big pressure on companies to recruit, train and retain their security staff.
- Skills and security awareness: MSSPs have better insight into evolving security threats directly and indirectly because of their focus and wider install base.

- MSSPs can provide objectivity, independence, liability protection, dedicated facilities, and round-the-clock service.

While current MSSPs focus on their relationships with government entities and large companies, benefits of managed security services are also appealing for small and medium size companies due to the relative amount of resources that they have to commit to security operations (Sturgeon 2004b). Thus, the MSSP service offering is attractive to a wide range of organizations, and study of the MSSP market has real practical value.

In this paper we explore the structure of the MSSP market as well as its formation process and stability. We primarily try to identify whether there are indeed economic benefits for firms to hire external entities to manage their security. We look at the economic incentives that lead to particular choices in security outsourcing. We show that it is beneficial for firms to join larger groups (MSSP networks) just to hide themselves from potential attacks among other targets. We compare two different types of ownership structures for MSSPs: i) a consortium based approach where several companies join hands to pool their resources to collectively provide security for their computing resources; and ii) when a MSSP is a for-profit provider who manages security for a group of firms.

We look at the dynamics of growth for these MSSP networks, where the network may start with a small group of firms and grow over time. One of the key concerns in such networks is that below a certain size, the networks are not economically viable. In the network externality literature this phenomenon is called critical mass (e.g. Oren and Smith, 1981; Economides 1996). We define optimal growth rules with respect to the viability and network size.

In the network effects literature, the issues of growth and optimal size of networks are not nearly as extensively explored as the issues of standards, coordination and choice of network (Liebowitz and Margolis 1998). Weitzel et al. (2000) call for reconsideration and new work in the area of network effects in application to modern-day IT markets, emphasizing evolutionary system dynamics as one potential direction of development. Walden and Kauffman (2001) call for research of whether network externalities exist in specific e-commerce settings and how they affect behavior of actors involved.

Another related issue concerns the form of ownership of a MSSP network. Given the B2B relationships that companies have with each other, it would seem that a consortium based approach may be appealing. However, we show that firms may have better incentives for joining a for-profit MSSP, especially initially when network size is small. We also identify conditions under which a profit-oriented proprietary MSSP may have larger size than a consortium operated MSSP.

The paper is organized as follows. In the next section we review relevant literature and reasons for analytical work in the MSSP networks field. In section 3 we provide the conceptual basis for our analysis, including the definition of constructs used to analyze the market structure for MSSPs. In section 4, we present some structural results that indicate why individual firms may prefer to share resources for security purposes. Then in section 5, we analyze the MSSP networks under the two ownership structures discussed earlier. We also discuss the implications of theoretical results in this section. Finally, we conclude in section 6 with a summary of contributions and directions of future research.

2. Background

We conceptualize a MSSP network as a collection of interconnected companies that share common security resources and have access to the same information on potential attacks. We consider two forms of market organization. One possibility is where a set of core firms with common interests join their security efforts and create a consortium. In this case, efforts and benefits are likely to be distributed among participants equally or proportionally to their share of investment in the consortium. On the other hand, a MSSP network may be created by a for-profit organization (e.g., a telecommunications company) that provides security services as its business offering. In this case, pricing and membership decisions will be controlled by a single firm acting as a monopolistic owner of its network. Our objective is to analyze the feasibility of such market organizations and derive structural results regarding the growth of these networks. We will also explore whether the ownership structure makes a difference in potential network size.

Our work fits under the general paradigm of network effects while it provides a new and interesting perspective on the problem of network growth. Liebowitz and Margolis (1998) provide several classification dimensions of network effects. First, not all network effects are externalities, but only those which are not internalized. In our case, we describe pricing mechanisms that allow network effects in the MSSP market to be internalized. Further, there is a distinction between direct and indirect network effects. Direct effects occur as an immediate result of participation in a network, while indirect effects are due to emergence of complementary products and services. In our case, the network effects are direct, as they result instantly from MSSP network membership. Finally, network effects may be positive or negative. While most research focuses only on one type of network effects, our approach considers both positive and negative effects that arise from use of MSSP networks.

The majority of work in the network effects area is concerned with the question of choice among competing networks. For example, Farrell and Saloner (1986) consider the effects of installed base on choice between two competing standards and discuss effects of pre-announcements on shifting the market balance. Katz and Shapiro (1985) study the effects of compatibility between standards on adoption dynamics. Economides and Flyer (1997) analyze the opposing incentives of firms to choose compatible or differentiated products and illustrate frequent domination of network industries by a few (one or two) firms. Issues of lock-in and path dependence often arise in these settings (e.g., Liebowitz and Margolis 1995).

However, the network size and network formation process are much less studied in the modern literature. One example is the work of Riggins et al (1994), studying the growth of interorganizational systems with negative externalities, leading to stalling of growth. We believe that our model fills a gap in the literature on the growth of networks and provides a perspective that considers both positive and negative network effects in the process in the context of MSSP networks.

Furthermore, Weitzel et al (2000) suggest reconsidering some of the common assumptions of network effect theory to address the issues occurring in today's IT markets. In particular, they question the following assumptions: exclusion principle (goods may be in unique possession only), consumption paradigm (consumption of a good leads to its destruction) and separation of consumers and producers. We are looking at information security, which is a good that is usually non-excludable, i.e., it is not being used up while consumed and may be produced by the ultimate consumer of security.

Information security displays properties of a public good (Varian 2004) as well as an externality (Camp and Wolfram 2000). As an externality, security (or the lack thereof) of a system affects other entities involved in a business transaction. Thus, it is important to explicitly consider such effects and attempt to internalize those. In the later sections we suggest pricing schemes that help to internalize security externalities resulting from increased network size.

Information security also partially possesses common attributes of public goods: non-excludability and non-rivalrous consumption (Cowen 2005). For example, use of particular antivirus software by one company does not prevent others from using the same software. However, companies that choose not to subscribe for updates exclude themselves from enjoying the benefits of protection against most recent viruses. Similarly, if a MSSP provider offers spam filters as part of their offering, its use to filter one client's email does not exhaust its functionality to filter email for any other client, though it does create conflict in allocation of computing resources to different clients. Thus, we can approach information security as a near-public good, as it frequently exhibits public good properties. Thus, we are studying a previously unexplored area of the network effects field while considering important properties of the information good such as security.

As illustrated before, access to additional information about security incidents is one of the benefits of joining an MSSP network. Several studies have looked at the problem of sharing security information among different entities. Gordon et al (2003) consider a case when two firms form a security information sharing alliance and show that sharing of security information can either increase or decrease the level of security, as member firms attempt to free ride. Along the same lines, Gal-Or and Ghose (2005) show that sharing security information may impact market shares of competing companies; they also show that such benefits increase with firm size. Both of the above models are developed in a game-theoretic setting between two parties. Hausken (2006) models security investment as a way to offset the varying level of threats by an external agent and shows that increased interdependence between firms causes free riding, to the detriment of the defender. In our work, we are not making assumptions about whether firms joining the MSSP network are competitors; we study the security impact of network growth rather than particular interdependencies between companies on the network. In addition, the issue of free riding does not occur in our setting, as all effects are internalized using the pricing scheme. Next, we describe the properties of modeling constructs before presenting the formal model in Section 4.

3. Model Preliminaries

Suppose there are multiple identical firms that are considering joining a network of other such firms. Let denote the size of such network. Without loss of generality, a single firm may be then considered as a network of size 1. All networks are continuously exposed to a number of external threats. When these threats can be carried out successfully, the systems on the network may suffer some degree of damage. Firms are seeking to estimate this damage and counter it with their security efforts. We may quantify the damage that may be inflicted to the network by a given attack as:

D( ) = P ( ) P ( ) (1) a

Where: D() -- is the estimate of damage to the network of size (expected number of entities affected by an attack); P a () -- is the probability of an attack taking place; and P () -- is the probability of success for a given attack.

Note that both probabilities of attack taking place and being successful are dependent on the size of network. We assume that P a () is increasing in and P () is decreasing in, i.e.

dp d > 0 (2) a

dp d < 0 (3)

Note that these assumptions are realistic and reasonable¹. For example, larger networks are more likely to be attacked just because they attract more attention, while likelihood of a random attack also increases with a larger network. Since firms are physically sharing the security technology, a failure in one of the infrastructure components (e.g., server-based antivirus) will affect all of them, which is not the case if each firm maintains its own security infrastructure. Furthermore, even though the membership information of a MSSP network is not likely to be publicly available, attacks on different networks that are served by the same MSSP provider are still more likely to occur due to topological proximity of these networks (e.g., being on the same range of IP addresses if the MSSP also acts as an ISP for its network members).

However, while larger networks are susceptible to more attacks (Germain 2004), any potential remedy when applied to the network also protects a larger network. In addition, a successful attack allows development and deployment of countermeasures for a larger group of clients. Larger networks also have more resources to negate sophisticated attacks and benefit from knowledge and solution sharing between the members of the network. Thus, as Sturgeon (2004) notes, attacks on larger systems are less likely to be successful due to accumulation of knowledge and expertise, a key benefit of MSSPs.

To see whether the assumptions about the model parameters are justified, we ran a simulation experiment based on the network traffic data used in KDD Cup 1999². The original dataset consists of data on over four million connections, each described by 42 attributes (e.g., duration, protocol, etc.) and identified either as normal traffic or one of 24 attack types. Our simulation proceeded as follows:

1. 20,000 connections were randomly selected from the original dataset to form the simulation training set. 16 attack types were represented in the simulation set.
2. The simulation training set was duplicated to represent the simulation test set with the same distribution of attacks as in the training set.
3. The 20,000 connections in the training set were randomly split into 20 groups of 1,000. These groups represent firms. It is assumed that each firm can independently observe 1,000 connections.
4. One firm was chosen to start the network (network size = 1, pool of connections = 1,000).
5. The proportion of attack connections in the connection pool was computed and provided the probability of attack, P a.
6. Based on the pool of connections, the decision tree was built to classify the attacks using the C4.5 algorithm.
7. The output of the C4.5 algorithm was tested against a random subset of attacks from the testing set. The testing subset is half the size of the training subset. The proportion of misclassified attacks in the testing subset was computed and provided the probability of attack success, P (on the assumption that if an attack was not identified correctly, then no appropriate defense would be activated).
8. Network size was incremented by 1 (until it reached 20) (e.g., after the first iteration, network size = 2, pool of connections = 2,000). Return to step 5.

¹ It may be argued that probability of attack success, P, is also a function of investment in security, S, and should decrease as this investment increases. Then, an individual firm's decision becomes whether to invest S alone or as part of the network. However, MSSPs make security solutions available for those firms whose individual cost of security investment is prohibitively high. Therefore, the effects of investment are captured through the size of the network and there is no need to introduce a separate investment parameter.

² KDD Cup is organized by ACM Special Interest Group on Knowledge Discovery in Data (SIG KDD). The 1999 dataset is available at http://www.acm.org/ig/igkdd/kddcup/index.php?ection=1999&method=data
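The eight simulation steps above, sketched as an added Python example (not the authors' code). The KDD Cup 1999 records are replaced by constructed synthetic connections and C4.5 by a signature-lookup classifier, so the printed numbers are illustrative only; all function names and the constants VARIANTS and P_NORMAL are assumptions.

```python
import random

N_FIRMS = 20         # the network grows to 20 firms (step 8)
PER_FIRM = 1000      # connections each firm observes (step 3)
ATTACK_TYPES = 16    # attack types represented in the simulation set (step 1)
VARIANTS = 40        # constructed: distinct signatures per attack type
P_NORMAL = 0.19      # constructed: leaves about 0.81 of traffic as attacks

# Skewed weights so that rare attack types and rare variants exist.
TYPE_WEIGHTS = [1.0 / (k + 1) ** 2 for k in range(ATTACK_TYPES)]
VARIANT_WEIGHTS = [1.0 / (k + 1) for k in range(VARIANTS)]


def make_connections(rng, count):
    """Constructed stand-in for the KDD sample: (signature, label) pairs."""
    records = []
    for _ in range(count):
        if rng.random() < P_NORMAL:
            records.append(("normal", "normal"))
            continue
        t = rng.choices(range(ATTACK_TYPES), weights=TYPE_WEIGHTS)[0]
        v = rng.choices(range(VARIANTS), weights=VARIANT_WEIGHTS)[0]
        records.append((f"attack{t}-v{v}", f"attack{t}"))
    return records


def run_once(seed):
    """One simulation run; returns per-size attack and success probabilities."""
    rng = random.Random(seed)
    training = make_connections(rng, N_FIRMS * PER_FIRM)      # step 1
    testing = list(training)                                  # step 2
    rng.shuffle(training)                                     # step 3
    firms = [training[i * PER_FIRM:(i + 1) * PER_FIRM] for i in range(N_FIRMS)]

    model = {}          # signature -> label; swapped in for the C4.5 tree
    seen_types = set()  # attack types visible to the network so far
    pool_size = 0
    p_attack, p_success = [], []
    for firm in firms:                                        # steps 4 and 8
        pool_size += len(firm)
        seen_types.update(label for _, label in firm if label != "normal")
        # Step 5, using the Figure 1 approximation: visible types / all types.
        p_attack.append(len(seen_types) / ATTACK_TYPES)
        model.update(firm)                                    # step 6
        # Step 7: test on a random subset half the size of the training pool.
        sample = rng.sample(testing, pool_size // 2)
        attacks = [(sig, label) for sig, label in sample if label != "normal"]
        missed = sum(1 for sig, label in attacks if model.get(sig) != label)
        p_success.append(missed / len(attacks) if attacks else 0.0)
    return p_attack, p_success


def simulate(runs=10):
    """Average the two curves over several runs, as the paper does over ten."""
    total_a = [0.0] * N_FIRMS
    total_s = [0.0] * N_FIRMS
    for seed in range(runs):
        a, s = run_once(seed)
        total_a = [x + y for x, y in zip(total_a, a)]
        total_s = [x + y for x, y in zip(total_s, s)]
    return [x / runs for x in total_a], [x / runs for x in total_s]


if __name__ == "__main__":
    attack, success = simulate()
    for size, (a, s) in enumerate(zip(attack, success), start=1):
        print(f"size={size:2d}  p_attack={a:.3f}  p_success={s:.4f}  unit_risk={a * s:.5f}")
```

Because the test set duplicates the training set, the success probability reaches zero once all 20 firms have pooled their connections; with a real classifier and held-out data it would level off above zero.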

The data was averaged over ten simulation runs. Figures 1 and 2 below represent the experimental findings about probability of attack taking place and probability of attack success, respectively. Figure 1 approximates P a as a ratio of attack types visible to the network of a given size to a total number of attack types possible (due to randomization, the probability in terms of pure volume of attacks without distinction between attack types remains stable at 0.81). Figure 2 represents P as classification error as described above. We see that P a () is increasing in and P () is decreasing in, as we assumed before.

[Figure 1. Probability of attack in a network of given size (plot title: "Probability of a random attack for a network of given size").]

[Figure 2. Probability of attack success in a network of given size (plot title: "Success probability of a random attack").]

The value of the MSSP network comes from its ability to reduce potential damage to its members through superior technology and larger amount of attack information. Figure 3 below represents an approximation of such benefits by plotting unit expected risk of being on the network vs being alone. (P a (1)P (1) P a ()P ()). Based on these observations, we hypothesize that the value of the MSSP network, V(), is an increasing, concave function.

[Figure 3. Approximation of network value from simulation data (plot title: "Value of network of size").]

Once the potential value of the MSSP network has been estimated, it is necessary to understand the cost of maintaining such network. Let R() be an input requirement function that describes the amount of resources that are needed to provide the level of information security associated with the size of MSSP network. At the beginning stages of network growth, the majority of investment has to go into the basic infrastructure technologies such as firewalls and antivirus tools ("keeping bad guys out"), with reasonably stable costs (Wheatman et al, 2005). Once the network gets larger, the focus of investment shifts to "letting good guys in" technologies such as authentication and access management, that require much more effort in configuration and management. Since difficulty of providing additional security (in terms of the amount of resources required) increases at increasing rate, we assume that R() is an increasing convex function.

Resource requirement function reflects a peculiar nature of information security -- it is not a regular commodity good. As we argued before, it is a near-public good, and production of public goods is not straightforward. For instance, Varian (2004) considers three distinct alternative ways of providing system reliability: total effort (when individual efforts add up), weakest link (when reliability depends on the lowest effort level) and best shot (depending on the highest effort level). By introducing the resource requirement function, we can study multiple ways of security provisioning using the same analytical approach.

Effort of provisioning security for a given network size balanced with additional benefits available to members defines the value of the MSSP network. The net value of the network can then be written as:

W ( ) = V ( ) R( D( )) (4)

In order to ensure voluntary participation in the MSSP network, the firms must have some benefits as compared to handling their security on their own. There are two potential metrics of such rationality. First, firms may want to make sure that potential damage that they face while being on the network is smaller than that of being alone. Second, firms may want to make sure that the fraction of security costs that they have to contribute to on the MSSP network is smaller than that of handling security alone, i.e.,

D( ) < D(1) (or, risk() < risk (1)) (5)

R( D( )) < R(1) (6)

From the perspective of costs and damages only, when both of these conditions hold, firms have incentives to join the MSSP network; it is also not rational to join if both conditions are violated. The situation becomes ambiguous when only one of these conditions holds, e.g., when damage reduction requires too much resources, or when individually feasible contribution to the network does not reduce the damage to acceptable level. This ambiguity is resolved once the benefit of the network V() is considered. The ultimate individual rationality condition involves the fraction of net value of the MSSP network allocated to an individual firm: W()/ > W(1).

Next, we explore the process of formation and growth of MSSP networks under different ownership structures. Since we assume that the firms in question are identical from the perspective of security needs, we assume that they will bear an equal fraction of risk after joining the MSSP network. Additionally, we assume that all MSSP network member firms are risk-neutral, individually rational and selfish (concerned with their payoffs only). Our model assumptions are described below:

- There is a single MSSP network; potential clients make decisions whether to join it or provide their own information security
- All clients are identical, risk-neutral, selfish, price-taking and individually rational
- Benefits and risks of being on the MSSP network are distributed equally among clients
- Once the MSSP network is started, clients join one at a time. The MSSP can deny entry to a new client, but will not expel an existing client

4. Making a Case for MSSP Networks

Before we tackle the issues of formation and growth of MSSP networks, we first derive the conditions necessary for the existence of a MSSP network. A possible objective that provides positive benefits to MSSP network members is to maximize social welfare, i.e., maximize the total net benefit derived from the MSSP network:

max W ( ) max[ V ( ) R( D( ))] (7)

It is easy to verify that the first order optimality condition for this optimization is

dr d = dv d (8)

Let the solution to equation (7), i.e. the optimal social benefit maximizing MSSP size, be represented as . We will discuss the properties and relative size of a little later; first let us discuss the conditions under which MSSP networks are attractive options for firms depending on the damage function D(). Recall from section 2 that D( ) = P ( ) P ( ), where P () is decreasing in, while product P a () is increasing in. a

It is easy to verify that the damage function may be either (a) monotonically increasing (local minimum at 1), (b) monotonically decreasing (local maximum at 1), or have a unique (c) local maximum or (d) local minimum in (1, ). In case (a), the MSSP network does not offer obvious benefits in terms of reduced risk and may not be attractive to firms. In cases (b) and (c), the most attractive MSSP network size is infinitely large and the problem is trivial (although in case (c) there may be an issue of critical mass in early stages of network formation). The most interesting case is when D() has an internal minimum point in (1, ), which is associated with convexity of the damage function. Therefore, from this point forward, we assume that the damage function is convex.

Observation 1. Damage function D() is convex and has a unique minimum in (1, ).

Now we are going to explore how this shape of damage function impacts the incentives of firms to join the MSSP network.

Proposition 1 (Existence of "Hiding Effect"). Suppose that the damage function reaches its minimum at an internal point of [1, ). Then it is individually rational for firms to join the MSSP network, as the decision to join decreases the potential damage they are facing from attacks.

Proof. Convexity of D() implies D( ) < D(1), i.e., in a larger network the individual risk to a firm is smaller. Q.E.D.

Proposition 1 provides an interesting and desirable characteristic that may be driving MSSP adoption. The hiding effect makes individual firms less attractive individual targets since there may be several interesting targets. However, this does not alone explain the reason for MSSP to be attractive. In fact, a more prominent effect is the effect of knowledge and security enhancement. Unless a higher level of security can be provided due to collective increase in the ability to provide security, the MSSP may not be attractive to the firms. Proposition 2 formally states the conditions for this phenomenon that we call Collective Knowledge Effect to exist.

Proposition 2. (Necessary condition of Knowledge Effect). Suppose probability of an attack taking place P a () is increasing in, and probability of attack being successful P () is decreasing in. Then, joining a MSSP network reduces individual firm's risk if the marginal impact on a firm's risk due to increased exposure is less than the effect of lower marginal risk due to decrease in probability of success, i.e.,

P P ' ' a ( ) ( ) Pa ( ) P ( ) >.

Proof: The total risk for a firm in a network of size can be defined as

risk( ) = Pa ( ) P ( ) D( ) (9)

For an individual firm to join the network

risk( ) < risk(1) (10)

Differentiating (10) with respect to, we get

P ' a ( ) P ( ) + P a ( ) P ' ( ) < 0 (11)

Since P () and P a () are non-negative and P ' a ( ) > 0 while P ' ( ) < 0 from equations (2) and (3), the first term in (11) is positive and the second term negative. In order for the inequality to be satisfied, the magnitude of the second term must be greater than the magnitude of the first term. In other words

P P > P P ' ' a ( ) ( ) a ( ) ( )

Q.E.D.

We have also verified existence of hiding effect as well as knowledge effect in the simulation described on page 10-12. Figures 4 and 5 illustrate our findings: negative values of hiding effect indicate that a firm's expected damage from being on an MSSP network is smaller than that of being alone; similarly, negative values of knowledge effect indicate that additional information gained on larger network outweighs the danger of greater exposure.

[Plot: hiding effect]
Figure 4. Evidence of hiding effect in MSSP simulation

[Plot: knowledge effect]
Figure 5. Evidence of knowledge effect in MSSP simulation

Proposition 2 indicates that while hiding effect may well be present, another important benefit that makes firms choose a MSSP network comes from the increased security potential due to increased knowledge and proficiency in security provision. Knowledge effect exists if the marginal amount of knowledge that firms gain in the larger network outweighs the marginal increase in risk of attacks on a larger network. However, the exact dynamics of MSSP network growth can be analyzed only by looking at R() and V() jointly.

Hiding effect and knowledge effect, described above, are important components of MSSP adoption decision, but are not the only relevant factors. As mentioned earlier, benefits that are received by the firm from joining the MSSP network are not defined solely by the reduced risk. The value of network assets and infrastructure, represented by value function V(), is also important. Therefore, we need to balance both risks and rewards in analyzing firm decisions. This requires the identification of the optimal total network size. One of the approaches to ensure positive benefits would be to optimize the net benefits derived from the network, i.e., max W ( ) max[ V ( ) R( )]. However, while maximizing the net benefits from the network may seem like a desirable goal for, at least, a consortium based MSSP, it is unlikely that a consortium with equal partnership can enforce the objective of maximizing net benefits. In the next section we consider two distinct market structures for MSSP networks and derive results regarding the optimal network size.

5. Analysis of Market Structures for MSSP Networks

As mentioned earlier we are interested in dynamics of MSSP network growth. Specifically, since it is unlikely that a network will have all the potential members joining at the same time, we are interested in finding out whether or not there are mechanisms that will provide incentives for firms to join an existing MSSP network. We are also interested in finding out, if the incentives to join a network exist, what the optimal network size would be under two different forms of market structures:

i. A consortium based MSSP network where several firms may join their efforts in providing security to their collective networks. Such networks may be started by, for example, an extended enterprise where firms conduct electronic transactions or information sharing with each other.
ii. A MSSP network facilitated by a for-profit firm that attracts various firms under one umbrella for the purpose of providing security solutions. This seems to be the most prevalent form of market structure for MSSP networks (Kavanagh, 2004).

Before we examine the specific market structures, let us outline the process that we consider for the formation and growth of a MSSP network. We assume that a set of firms initially join the MSSP network. In case of a consortium, these firms may be thought of as founding members and in case of a for-profit MSS provider, it may be the initial firms that the provider is able to attract to the network. Once the network is started, firms arrive one by one and the existing consortium members or the for-profit provider decide whether or not to accept a new member. We assume that each new incoming firm is a price taker, i.e., it agrees to pay whatever charges the consortium or the for-profit provider asks for as long as the expected benefits are greater than or equal to zero. We will first examine the structure of the MSSP network and issues that must be considered in the growth of such networks; then, we will look at the consortium-based market structure followed by the for-profit provider network.

5.1. MSSP Network Structure and Growth - a Benchmark Case

One of the first ways to assess the potential size of an MSSP network is to define the condition for maximum network size by finding the largest that solves the following problem:

W ( ) = 0 or V ( ) = R( ) (12)

This problem is similar to the case of perfect competition in economic analysis, when manufacturers sell their goods at cost. However, such a configuration is not likely to be sustainable by means of real market forces since the profits of the MSSP are equal to zero or, in case of a consortia, benefits to the members of consortia are zero. For the MSSP to have incentives of maintaining a network there must be positive profits from operations.

Another approach to computing potential size of MSSP network is presented in the total welfare maximization problem discussed in previous section Max W() (equations 7, 8). As discussed earlier the optimal solution occurs when the derivatives of the value and resource functions are equal to each other. Figure 6 depicts this case: the slopes of the tangents are equal to each other and thus the difference between the value and resource functions is maximized.

[Plot: curves V() and R(); labels: Investment, dv/d, dr/d, i, 0, max]
Figure 5: Number of Firms and MSSP Benefits

Figure 5 also depicts the range of possible network sizes for a MSSP network. As the figure indicates, the maximum size of MSSP network max, that can be formed without the loss of social efficiency, may be achieved when the value (V()) and resource requirement (R()) curves intersect. The optimal size of a MSSP network that maximizes social benefit, , is achieved whenever the distance between the two curves is greatest (equation (8)). However, there is another interesting point 0, representing the minimum efficient MSSP network size. Up to this point, it is not individually rational for the firms to join the network, as the benefits are lower than costs. This is the well known start up or critical mass problem in network economics where growth of the network requires a minimal nonzero starting size (see, for example, Economides, 1996).

Since the attractiveness of a MSSP network is both a function of its value and the resource requirements which, in turn, depend on the network size, the expected size of the network plays a significant role in individual firm's decision to join the network (Katz and Shapiro, 1985, 1994; Besen and Farrell, 1994; Economides, 1996). While the classical startup problem arises when consumers expect that no one would buy the good or that no complementary goods would be available in the market, the problem arises in the MSSP network due to no instantaneous net benefits for a firm if there aren't enough members already. This phenomenon is related to the concept of critical mass (Rohlfs, 1974; Oren and Smith, 1981). The critical mass theory suggests that a sustainable growth of a network is attainable only if there is a minimal nonzero equilibrium size (Economides, 1996). In figure 1, 0, represents this critical mass. If the initial size of the network, i, is less than 0 then network cannot automatically (or organically) grow. Economides and Himmelberg (1995) consider this as a "chicken and the egg" paradox since starting network size is too small to induce consumers into the network. We formally define the property of the critical mass problem in observation 1.

Observation 2 (Critical Mass for MSSP). If the initial size of the MSSP network is i, then, critical mass problem will be present if the smaller (or only) root of equation V()=R(), 0, is greater than i.

The intuition for this observation can be seen in figure 1; in the interval (0, 0 ) the net benefits to firms joining the MSSP are negative since R() > V(). When critical mass problem exists, there is a deficit of value in the amount of R(i) V(i) for a small network, and investments have to be made to facilitate network growth. In case of the consortia this investment has to come from the foundational members, while in case of a for-profit provider this investment has to be made by the provider. Riggins et al. (1994) and Wang and Seidman (1995) also provide the results indicating the need to potentially subsidize the adoption of interorganizational networks. Both of these works show that adoption of systems like EDI may lead to creation of negative externalities for suppliers; when the corresponding positive externality for the buyer is large, he may choose to subsidize some suppliers to foster adoption. Riggins et al. (1994) show that, unless such subsidy is provided, the network adoption will stall after the initial takeoff. Our case is different, however, as suppliers and buyers of resources necessary to provide information security are the same entities; thus making even an initial takeoff problematic. We would explore the conditions under which the network grows organically to its efficient size by passing over the hump of critical mass. We, therefore, concentrate on defining rules under which firms may be willing to make initial investment to overcome startup problem and will study the effect of this investment on efficient maximum network size.

5.2. Consortium Based Market Structure

When security is provided jointly by the members of a consortium, each member contributes equally and receives equal benefit. We also assume that each member of consortium evaluates her own benefits before allowing a new entrant to join the consortium. Since the benefits are equally shared by all the members, each member receives benefit equal to the average benefit. Therefore, the objective of the consortium will be to maximize the average benefit as opposed to the maximization of total benefits. We analyze this problem in two phases. First, we consider the case where the initial size of the consortium, i, is large enough so that the founding members don't need to make any additional investments, i.e, i 0. We will then consider the case where i< 0 and the founding members have to invest a total of R(i) V(i) to overcome the critical mass problem.

5.2.1 Consortium without need for initial investment

When there is no initial investment requirement, the problem of consortium is

V ( j) R( j) Max j j j 0 (13)

The first order optimality condition is given by

V '( j) R'( j) = [ V ( j) R( j)] / j (14)

Let the optimal solution that satisfies equation (14) be represented by cn. The implication of the optimality condition in equation (14) is stated in proposition 4.

Proposition 3. (The Optimal Size of Consortium without Investment) Suppose that value function V() is concave and damage function R() is convex. Then, the optimal size of a consortium based MSSP with no initial investment, cn, will be less than or equal to the welfare maximizing MSSP network size, i.e., cn.

Proof. The difference between the partial derivatives of a concave, V ' ( j ), and a convex function R '( j), of a variable, j, is non-increasing as j increases. Therefore, since the R.H.S. in equation (14) is a positive number, j k where V '( k) R'( k) = 0 -- the optimality condition for welfare maximizing solution. Q.E.D.

5.2.2. Viability of a consortium

We now consider the case when the initial founders of a consortium need to make investment to facilitate the MSSP network, i.e., the initial network size i < 0, the critical mass. In this case, firms will need to recover their initial investment from the benefits they receive from the MSSP. However, the question remains as to what should be the obligation of new firms that arrive to the MSSP network. Since we have assumed that the benefits of the MSSP consortium are equally shared by the members of the consortium it is reasonable to assume that the firms equally share the initial investment. Note that once the initial investment is made, no further investment is needed since the resource requirements, as compared to the benefits, are decreasing in the number of consortium participants. Start-up problem is resolved and network grows organically after the investment takes place.

Therefore, to negate stalling effect, we propose the following investment and investment-recovery approach. The initial investment amount R( i) V ( i) is equally shared by the initial foundational members of MSSP with each member contributing an amount L = [ R( i) V ( i)] / i. Note that once the investment, L, is made any firm subsequently joining the network (as i + k th member) will not suffer any losses even if network size (i + k) < 0 since enough investment has been made (and resource requirement R(i + k) < R(i) and value V(i+k) > V(i) organic growth is possible).

As discussed in the previous paragraph, to provide fair and sustainable investment incentives we assume that at any given state of the network size, the initial investment is equally borne by all the members of the consortium. Therefore, when j+1 th, member joins the consortium, they pay an initializing fee, F = [ R( i) V ( i)]/( j+ 1), which is equally divided among the j previous members, i.e., each of the previous j members receives an investment recovery of L r = [ R( i) V ( i)]/ j( j+ 1). It is easy to verify that this scheme results in all the j+1 firms equally sharing the cost of initial investment with individual contribution equaling [ R ( i) V ( i)]/( j+ 1). To consider the property of this rule, let us first define the viability of a MSSP network with investment requirement to overcome critical mass problem.

Defn. (Viability of MSSP Network with Investment) Suppose the initial network size is i, optimal network size is and minimum efficient network size is 0. Then, MSSP network with investment requirement, to overcome critical mass problem, is viable if at the optimum network size, , the benefits of the MSSP network are greater than the initial investment, i.e.,

V < (15) ( ) R( ) R( i) V ( i); i 0

Now, in terms of an investment sharing rule, an optimal rule will be such that it will allow the smallest possible starting network size i, thus ensuring viability at the smallest possible network size. As proposition 4 states, our rule that forces each consortium member to bear equal amount of initial investment, is optimal rule from the perspective of viability of a MSSP network.

Proposition 4. (Equal Sharing and MSSP Network Viability). Let there exist a network size n that allows investment recovery and network viability with equal sharing rule. Then, it is a minimum viable network size and equal sharing rule is optimal.

Proof. (By Contradiction) We will show that there is no other sharing rule that results in a smaller network size than equal sharing rule. Let the investment be recovered at a minimum network size of n using the equal sharing rule

[ V ( n) R( n)]/ n [ R( i) V ( i)]/ n n members (16)

Now let there exist a rule such that the initial investment is not equally shared and the investment is recovered at size m < n.

[ V ( m) R( m)]/ m L j j = 1,, m where L j is the share of investment shared by member j. (17)

However, note that since m<n, and the investment is not equally shared

L j > [ R( i) V ( i)]/ m for at least some member j [ V ( m) R( m)]/ m [ R( i) V ( i)]/ m (18)

However, equation (18) implies that investment should have been recovered using equal sharing rule at size m < n, a contradiction since by assumption n was the minimum network size to recover the investment using equal sharing rule. Q.E.D.

5.2.3. Optimality of consortium with investment

Now, let us consider the problem of optimal consortium size with investment. The problem can be stated as:

V ( j) R( j) C Max j j j 0 where C = R( i) V ( i), the initial investment (19)

The first order condition for the optimum solution can be written as:

V '( j) R'( j) = [ V ( j) R( j) C] / j (20)

Let the optimal solution that satisfies equation (20) be represented by c. Proposition 5 below provides the surprising result regarding the optimal MSSP consortium size with initial investment as compared to optimal consortium size without initial investment.

Proposition 5. (Optimal Size of MSSP Consortium with Investment). Suppose that value function V() is concave and requirement resource function R() is convex. Then, optimal size of a MSSP consortium that requires initial investment to overcome critical mass problem, c, is equal to or greater than the optimal MSSP network size without investment, i.e., c cn.

Proof.

Optimal consortium size without investment is a solution to equation (14):

cn = j: V '( j) R'( j) = [ V ( j) R( j)] / j

Further, optimal consortium size with investment is a solution to equation (20):

c = j: V '( j) R'( j) = [ V ( j) R( j) C] / j

Since C is a positive number, the R.H.S. of equation (20) is smaller than the R.H.S. of equation (14). Since the difference V '( j) R '( D( j)) is decreasing in j, it follows that the solution to equation (14), cn, is smaller than solution to equation (20), i.e., c cn Q.E.D.

Another interesting question related to MSSP consortium is regarding the minimum initial size required for viability. Our analysis can answer this question as well. The answer comes from the realization that the maximum investment that can ever be recovered is V ( ) R( ), i.e., the maximum net benefit. Therefore, the minimum starting size should be such that the required investment is less than or equal to maximum net benefit that the MSSP network can provide. Proposition 6 formalizes this result.

Proposition 6. (Minimum Viable Initial MSSP Consortium). Suppose that value function V() is concave and requirement resource function R() is convex. Then, the minimum starting network size is given by

I = min{ i : V ( ) R( ) R( i) V ( i)}

Proof.

Since R( i) V ( i) is decreasing in i < 0 and maximum recoverable investment is V ( ) R( ), smallest viable initial network size is given by

I = min{ i : V ( ) R( ) R( i) V ( i)} Q.E.D.

Proposition 5 and proposition 6 provide some interesting and counterintuitive results with two important implications. First, the network size is greater when the firms are required to make an initial investment. Second, when firms make initial investment, it is feasible to achieve socially optimal network size. Next we consider the problem of a monopolist, for-profit, MSSP.

5.3. Profit Maximizing MSSP:

Since we assume that firms are identical from the perspective of security needs, it is reasonable to assume that the monopolist is capable of exercising first-degree price discrimination with respect to network size and charge each customer an individual price equal to customer's valuation of the network. Since no customer has any positive valuation before the network reaches the minimum efficient size 0, the provider attracts initial customers by providing free access to the network. Note that this pricing approach is consistent with Cabral et al. (1999), who find that a monopolist will find introductory pricing approach desirable in presence of network externalities. Similar to the consortium, if the initial number of the firms that the provider can attract is i, the total investment requirement is L= [ R( i) V ( i)] i. After 0 customers have joined the network, the provider can then charge each subsequent customer a monopoly price P M 0 + j = [ V ( 0 + j) R( 0 + j)] ( 0 + j). However, for customers that arrive after the size, the provider needs to potentially compensate some customers who joined earlier since the overall shared benefit of the network goes down. Recall that is the size of network that maximizes average benefits to each client. Therefore, while marginal benefit for a new client added above may be still positive and captured by the monopolist, existing clients may demand compensation for decreased benefits and even drop out of the network. Thus, compensation is necessary and its source has to be the price charged to the new clients.

We now consider the drivers of growth of monopolist MSSP network. The revenue-maximization part³ of profit maximizing provider's formal problem can be written as

Max j j = 1 P M j (21)

Subjected to: [ V ( j)] R( j)]/ j> P M j< (22)⁴

³ Full problem of profit maximization also includes costs, they are considered on page 30. However, only revenues define the growth of network.

⁴ If j< 0, then P M j = 0, else P M j =W(j)/j monopolist gives free access to overcome initial stalling, then charges every client its true value

Note that while this problem looks complex, it can be solved using a polynomial-time search algorithm as shown by the pseudocode in illustration 1. The basic realization here is that when a firm k > joins the MSSP network, the provider needs to compensate all the customers who were initially charged an amount greater than [ V ( k) R( k)]/ k. All the provider needs to do is to search from 0 to to find the first instance where P M n adjusted [ V ( k) R( k)]/ k where 0 n. The provider then compensates each firm from n to (k-1) an amount equal to the difference P M n adjusted [ V ( k) R( k)]/ k and sets the adjusted price to P M n adjusted = P M n old [ V ( k) R( k)]/ k since all firms receive a maximum benefit of [ V ( k) R( k)]/ k after the firm k joins the network.

    If (k < 0 )
        Set P k = 0
    End If
    Else If (k >= 0 and k <= )
        Set P k = [ V ( k) R( k)]/ k
    End Else If
    Else If (k >= )
        Set P k = [ V ( k) R( k)]/ k
        For (n = 0 to ) do
            If (P n > [ V ( k) R( k)]/ k )
                Total refund = 0
                For (m = n to k-1) do
                    Refund firm m amount (R m ) = P m - [ V ( k) R( k)]/ k
                    Total refund = total refund + P m - [ V ( k) R( k)]/ k
                End For
                If (Total refund > [ V ( k) R( k)]/ k )
                    Reject entry to firm k
                Else
                    For (m = n to k-1) do
                        Commit R m
                        P m = [ V ( k) R( k)]/ k
                    End For
                End Else
            End If
        End For
    End Else If

Illustration 1: Pseudocode for Profit Maximizing Provider Pricing and Allocation

It is clear from the discussion above that a monopolist, for-profit, MSSP may sustain a larger network than the net benefit maximizing size. This implies that a monopolist may sustain a larger network than a consortium based MSSP (which will not grow beyond ). However, since the monopolist must recover its cost from the differential prices [ V ( j) R( j)]/ j where j 0, the viability size for the for-profit MSSP is higher than the consortium. The viability condition for the monopolist can simply be stated as

m m Pj R( i) V ( i) (23) j= 0

where m -- is the optimal network size as a solution to problem (21-22); m P j -- are the adjusted prices charged under the provider pricing scheme; and R(i) V(i) is the initial investment that provider made.

Note that the optimal network size for a for-profit provider, unlike consortium, does not depend upon the initial investment. However, the viability of the MSSP network does depend upon the initial size i. Therefore, a for-profit, monopolist, will not start a MSSP network unless the condition in equation (23) is satisfied. Therefore, as a strategy the provider will offer the network access for free to all the firms that initially sign up for the MSSP network. Proposition 7 formally provides the condition for the monopolist MSSP network to be greater than the net benefit maximizing network size.

Proposition 7. (Monopolist MSSP versus Social Net Benefit size). Suppose that net benefit maximizing network size is and monopolist MSSP is viable. Then, monopolist MSSP may have larger network size than social net benefit maximizing size, if P m m > P ( x 1) 1 j +, + j Ω where x is the number of firms whose benefits are reduced below the price charged to them due to the introduction of the new customer and Ω is the set of individual firms so affected.

Proof.

i) Note that, a monopolist MSSP's profits cannot be maximized on a network size that is smaller than social net benefit maximizing size, i.e., m can not be less than . Assume contrary, profits are maximized at m < . Then, there are one or more potential customers in interval ( m ; ], who will get positive benefits from joining the network, since is the socially optimal size. Charging these customers any positive price up to their willingness to pay and letting them join the network will increase monopolist's profits. But, m was a profit-maximizing point for the monopolist, a contradiction. Thus, m is at least equal to .

ii) We now just need to prove that under certain circumstances m > . Consider a case when a monopolist provider attracts one more customer than at the optimal net benefit maximizing network size, then by definition

V R > V + R + (24) ( ) ( ) ( 1) ( 1)

However, there may be other firms k such that

V k R k > V + R + (25) ( ) ( ) ( 1) ( 1)

Let the set of these customers be defined as

Ω= k V k R k > V + R + { : ( ) ( ) ( 1) ( 1)}

Each of these customers will require compensation defined by

Comp = V k R k k V + R + + (26) k [ ( ) ( )]/ [ ( 1) ( 1)]/( 1)

Since [ V ( k) R( D( k))]/ k = m Pk and m [ V ( + 1) R( + 1)]/( + 1) = P +, we can rewrite (26) as

m m Comp = P P + (27) 1 k k 1

The total compensation then is

Comp = P xp + where x = Ω, i.e., cardinality of set Ω (28) k Ω m m k k k Ω 1

Since the price charged to this ( + 1) st customer should be enough to cover the total compensation, we have

m m m m m P P ( 1) 1 k xp P P 1 1 k x+ + + + Ω k k Ω (29)

Q.E.D.

Corollary: (Monopolist MSSP vs Consortium MSSP). Monopolist MSSP, if viable, will have a network not smaller than a Consortium MSSP.

Proof. From Proposition 7, Monopolist MSSP size is greater than social benefit, m. However, Consortium provider will not grow its network beyond , as it decreases total and average benefits to its members: >, W() < W( ) W()/ < W( )/ ). Thus, m c Q.E.D.

Example below provides further intuition by considering the specific case when the ( + 1) st customer only affects previous customer, i.e., customer.

Example. Suppose, the only firm affected by the addition of ( + 1) st firm is th firm. Then the provider can at least have a size of +1 if P M 2 P M + 1 <. In other words, if the twice the price charged to new customer is greater than the price charged to th customer, then the monopolist MSSP provider can sustain network size larger than social benefit-maximizing size.
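The consortium results of Section 5.2 (critical mass, Propositions 3, 5 and 6, and the equal-sharing fee rule) can be checked numerically. The following Python code is an added example, not code from the paper: the functional forms of V and R, the size range and every function name are assumptions chosen for illustration, with net benefit taken as value minus resource requirement.

```python
from fractions import Fraction

SIZES = range(1, 21)  # candidate network sizes (constructed range)


def V(n):
    """Network value: a constructed concave function, not from the paper."""
    return 32 * n - n * n


def R(n):
    """Resource requirement: a constructed convex function, not from the paper."""
    return 100 + n * n


def W(n):
    """Total net benefit of a network with n members."""
    return V(n) - R(n)


def benchmark_sizes():
    """Return (critical mass, welfare-maximizing size, maximum size).

    Critical mass and maximum size are the smallest and largest sizes with
    non-negative net benefit; the welfare optimum maximizes W.
    """
    viable = [n for n in SIZES if W(n) >= 0]
    return min(viable), max(SIZES, key=W), max(viable)


def consortium_size(investment=0):
    """Size maximizing the average net benefit after an initial investment."""
    critical, _, _ = benchmark_sizes()
    return max((j for j in SIZES if j >= critical),
               key=lambda j: Fraction(W(j) - investment, j))


def startup_deficit(i):
    """Investment R(i) - V(i) needed to start a network of size i (0 if none)."""
    return max(R(i) - V(i), 0)


def min_viable_initial_size():
    """Smallest founding size whose deficit the best net benefit can repay."""
    _, optimum, _ = benchmark_sizes()
    return min(i for i in SIZES if startup_deficit(i) <= W(optimum))


def equal_sharing_ledger(initial, final):
    """Replay the fee rule and return every member's net contribution."""
    c = Fraction(startup_deficit(initial))
    paid = [c / initial] * initial              # founders split the investment
    for j in range(initial, final):
        fee = c / (j + 1)                       # entry fee of member j + 1
        paid = [p - fee / j for p in paid] + [fee]  # refund fee / j to each
    return paid


if __name__ == "__main__":
    critical, optimum, largest = benchmark_sizes()
    print("critical mass:", critical, "welfare optimum:", optimum,
          "maximum size:", largest)
    print("consortium optimum, no investment:", consortium_size())
    founders = min_viable_initial_size()
    c = startup_deficit(founders)
    print("minimum viable founding size:", founders, "investment:", c)
    print("consortium optimum with that investment:", consortium_size(c))
    print("contributions at that size:",
          equal_sharing_ledger(founders, consortium_size(c)))
```

With these constructed functions the consortium stops one member short of the welfare optimum when no investment is needed, and reaches it when the founders start below critical mass.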

The size and viability results for the network under the two market structures and different starting conditions provide some interesting insights. These results also shed light on why the for-profit MSSP networks may be more preferable by firms, at least at the beginning. Since the firms that join a monopolist network early are guaranteed positive benefits as long as the network survives there is higher incentive to join a for-profit network. On the other hand, a consortium based network may require firms to share investment costs at the beginning creating risks, which a risk neutral firm may not want to bear. Therefore, our results provide economic rationale⁵ for the dominance of for-profit MSSP networks over the consortium based approaches. Summary of our results is presented in Table 1:

MSSP Type\effect | Consortium MSSP | Monopoly MSSP
--- | --- | ---
Effect of initial investment on size | Initial investment may induce larger size | No effect
Maximum size | Not larger than net benefit maximizing | May be larger than net benefit maximizing
Viability | Minimum start-up size may be smaller than monopolist | Due to zero prices at start-up may require larger initial size

Table 1. Comparison of consortium-based and monopoly MSSP networks

⁵ Besides the expertise based arguments.

6. Conclusion and Directions of Future Research

In this paper we examine the economic rationale for MSSP networks, i.e., to provide an economic rationale for why firms may choose to outsource security. Our results demonstrate that there are multiple interplaying factors that define attractiveness of MSSP networks to potential customers. The desire of firms to join a MSSP network to pool risk may be outweighed by the substantial start-up costs required under a consortium based approach. We also examine the growth and structural characteristics of optimal networks under a consortium based market structure and under a for-profit MSS provider, representing a monopolistic setting. We identify the existence of critical mass problem in the formation of viable MSSP networks and suggest approaches that help overcome the critical mass problem. We show that our approach to overcome critical mass problem is optimal since it supports the minimum feasible initial network size for a feasible consortium based MSSP network. We define optimal growth strategies and economic rationale for viable MSSP networks under a consortium based approach and profit maximizing approach. Since joining a profit maximizing provider has less risk during the start-up as compared to consortium where an initial investment may be required, our results provide economic rationale for the observed phenomena of existence of more for-profit seeking MSSP networks as compared to MSSP consortia. We also show that a for-profit provider may achieve larger network size than a consortium.

From managerial perspective, two issues are important. First, both hiding effect and knowledge effect are valid practical concerns. Hiding effect has been essentially the driver behind offerings of ISPs which provide frequent re-allocation of discontinuous blocks of IP addresses to their clients. With such IP schemes (we would like to call them lattice IPs), it is becoming harder for attackers to figure out the topology of target company's networks, as they no longer can assume that subsequent IP numbers are logically connected. It also may help to reduce the damage from automated attacks such as Code Red II worm, which was programmed to frequently attack machines in the same sub-range of IP addresses⁶. Knowledge effect also becomes important for discovery of novel attacks. Since most patches as well as anti-virus database updates are distributed using a pull from the client, many systems remain unprotected even when the remedies are available. Monitoring of all patches and threats is a daunting individual task, but it may be handled easier by a number of connected parties.

Second issue is important for those who decide to start a MSSP network. Consortium model may be a harder sell in the beginning, as all starting members are required to invest upfront. On another hand, a monopoly-type MSSP can provide incentives (discounts) to early adopters, but may be faced with a task of attracting more customers to have a viable network. Knowledge of these implications may also influence an individual firm's decision on which type of network and when to join.

The limitations of this work include the fact that we only consider the case when MSSP customers are identical and the order of them joining the network is not relevant. In future work we will extend our model to try and identify effects of different types of customers on the system as well as the sequence of their decisions. Additionally, Sundararajan (2004) points out that network effects may depend on the type of customer, thus giving rise to non-linear pricing schemes. We will develop specific incentive mechanisms and pricing schemes for MSSP to attract customers that differ in size, expertise, and needs.

⁶ ½ of all probes from an infected machine will start with the same /8 network and 3/8 of all probes will start with the same /16 network. (if infected machine's IP address is 192.168.6.4, then probes will start with 192 or 192.168)

References

Allen, J., D. Gabbard, C. May, Outsourcing Managed Security Services, CERT, 01/21/2003

Besen, S.M. and J. Farrell, "Choosing How to Compete: Strategies and Tactics in Standardization", Journal of Economic Perspectives, 1996 (8:2), 117-131.

Camp, L.J., and C. Wolfram, "Pricing Security," CERT Information Survivability Workshop, Boston, MA, Oct. 24-26, 2000, 31-39.
Cabral, L. M., D. J. Salant, G. A. Woroch, "Monopoly Pricing with Network Externalities," International Journal of Industrial Organization, 1999 (17), 199-214.
Computerwire, news reports (online database), 2002.
Cowen, Tyler, "Public Goods and Externalities," The Concise Encyclopedia of Economics. Library of Economics and Liberty. Retrieved October 13, 2005 from the World Wide Web: http://www.econlib.org/library/enc/publicgoodsandexternalities.html
Dang Van Mien, A., K. Praveen, "European MSSPs Value Trusted Relationships Not Just Technology," Gartner Research, 03/18/2003.
Economides, N., "The Economics of Networks," International Journal of Industrial Organization, 1996 (16:4), 675-699.
Economides, N. and F. Flyer, "Compatibility and Market Structure for Network Goods" (November 1997). NYU Stern School of Business Discussion Paper No. 98-02.
Economides, N. and C. Himmelberg, "Critical Mass and Network Evolution in Telecommunications," in Gerard Brock (ed.), Toward a Competitive Telecommunications Industry: Selected Papers from the 1994 Telecommunications Policy Research Conference, University of Maryland, College Park, MD, 1995, 31-42.
Farrell, J. and G. Saloner, "Installed Base and Compatibility: Innovation, Product Preannouncements, and Predation," The American Economic Review, 1986 (76:5), 940-955.

Gal-Or, E., A. Ghose, "The Economic Incentives for Sharing Security Information," Information Systems Research, 2005, 16(2), 186-208.
Germain, J., "Managed Security Services: A Hedge Against E-Mail Attacks," TechNewsWorld, 5/25/2004.
Gordon, L., M. Loeb, W. Lucyshyn, "Sharing Information on Computer Systems Security: An Economic Analysis," Journal of Accounting and Public Policy, 2003, 22, 461-485.
"Insecurity Alert," Total Telecom Magazine, January 2005.
Hausken, K., "Income, Interdependence and Substitution Effects Affecting Incentives for Security Investment," Journal of Accounting and Public Policy, 2006, 25(6), 629-665.
Katz, M. L. and C. Shapiro, "Network Externalities, Competition, and Compatibility," American Economic Review, 1985 (75), 424-440.
Katz, M. L. and C. Shapiro, "Systems Competition and Network Effects," Journal of Economic Perspectives, 1994 (8), 93-115.
Kavanagh, K., "North America Security Services Market Forecast: 2001-2006," Gartner Research, 10/9/2002.
Liebowitz, S., S. Margolis, "Path Dependence, Lock-In, and History," Journal of Law, Economics and Organization, April 1995 (11), 205-226.
Liebowitz, S., and S. Margolis, "Network Externalities (Effects)," The New Palgrave Dictionary of Economics and the Law. London, Macmillan Reference, 1998 (2), 671-674.
McKenzie, M., "Information Security: An Ounce of Prevention," CISCO BIS, April 25, 2003.

Oren, S. S. and S. A. Smith, "Critical Mass and Tariff Structure in Electronic Communications Markets," Bell Journal of Economics, 1981 (12:2), 467-487.
Phifer, L., "Managed Security Service Provider Survey," ISP Planet, 12/21/2004.
Riggins, F., C. Kriebel, T. Mukhopadhyay, "The Growth of Interorganizational Systems in the Presence of Network Externalities," Management Science, 1994 (40:8), 984-998.
Rohlfs, J., "A Theory of Interdependent Demand for a Communications Service," Bell Journal of Economics, 1974 (5:1), 16-37.
Starner, T., "Teleworking takes off," iQ Magazine, November-December 2003.
Sturgeon, W., "What Is The Future Of Your Security?," silicon.com Software, 9/22/2004.
Sturgeon, W., "Cheat Sheet: Managed Security Services," silicon.com Software, 9/24/2004.
Sundararajan, A., "Nonlinear Pricing and Type-Dependent Network Effects," Economics Letters, 2004 (83), 107-113.
Varian, H., "System Reliability and Free Riding," University of California at Berkeley, working paper, 2004.
Walden, E. and R. Kauffman, "Economics and Electronic Commerce: Survey and Research Directions," International Journal of Electronic Commerce, 2001 (54), 94-115.
Wang, E. and A. Seidmann, "Electronic Data Interchange: Competitive Externalities and Strategic Implementation Policies," Management Science, 1995 (41:3), 401-418.
Weitzel, T., O. Wendt, F. Westarp, "Reconsidering Network Effect Theory," in 8th European Conference on Information Systems (ECIS 2000).
Welsh, T., "Divide and Conquer?," CBR Research, 2003, 29-32.

Wheatman, V., B. Smith,. Shroder, J. Pescatore, M. Nicollet, A. Allan, R. Mogull, "What Your Organization Should Be Spending for Information Security," Gartner Research, report ID G00126733, 9 March 2005.
Yasin, R., "Enterprises Size Up Managed Security," Internet Week, 6/19/2001.
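The hiding-effect argument and the Code Red II probe mix in footnote 6 can be quantified. The following is an added example, not part of the paper: it computes the chance that a single probe from an infected host at 192.168.6.4 lands on another host of the same firm, for a contiguous address block versus scattered ("lattice") addresses. Assumptions: the remaining 1/8 of probes are uniform over all of IPv4, targets are uniform within the chosen range, and both host lists and all function names are constructed for illustration.

```python
from fractions import Fraction
from ipaddress import IPv4Address

# Probe mix from footnote 6; the leftover 1/8 is ASSUMED uniform over IPv4.
P_SAME_8, P_SAME_16 = Fraction(1, 2), Fraction(3, 8)
P_RANDOM = 1 - P_SAME_8 - P_SAME_16


def probe_hit_probability(infected: str, target: str) -> Fraction:
    """Probability that one probe from `infected` lands exactly on `target`."""
    src, dst = int(IPv4Address(infected)), int(IPv4Address(target))
    p = P_RANDOM / 2**32                 # fully random probe
    if src >> 24 == dst >> 24:           # target shares the infected host's /8
        p += P_SAME_8 / 2**24
    if src >> 16 == dst >> 16:           # target shares the infected host's /16
        p += P_SAME_16 / 2**16
    return p


def network_exposure(infected: str, hosts: list[str]) -> Fraction:
    """Probability that one probe hits any other host in `hosts`."""
    return sum((probe_hit_probability(infected, h)
                for h in hosts if h != infected), Fraction(0))


def expected_probes_to_first_hit(infected: str, hosts: list[str]) -> float:
    """Mean number of probes before a sibling host is hit (geometric mean 1/p)."""
    return float(1 / network_exposure(infected, hosts))


# Constructed sample layouts: 20 sibling hosts each.
INFECTED = "192.168.6.4"                                   # address from footnote 6
CONTIGUOUS = [f"192.168.6.{i}" for i in range(5, 25)]      # same /16 as INFECTED
LATTICE = [f"{10 + 7 * i}.{i}.6.4" for i in range(20)]     # every host in a different /8

if __name__ == "__main__":
    for name, hosts in (("contiguous", CONTIGUOUS), ("lattice", LATTICE)):
        print(f"{name:10s} per-probe exposure {float(network_exposure(INFECTED, hosts)):.3e}, "
              f"expected probes to first hit {expected_probes_to_first_hit(INFECTED, hosts):,.0f}")
```

Under these assumptions a sibling in the same /16 is roughly five orders of magnitude more exposed per probe than one in an unrelated /8, which is the locality that discontinuous allocation removes.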