Design and performance aspects of information security prediction markets for risk management

Prediction Markets are the markets designed and operated to mine and aggregate the information scattered among the traders. Recently, some researchers have started exploring the application of prediction markets in the information security domain. The information security prediction market will facilitate trading of contracts to hedge the financial impact of the risks associated with the underlying information security events, such as discovery of a vulnerability in a piece of software. However, prediction markets differ in their objectives and requirements, and therefore information security prediction markets need to be carefully engineered to meet the specific requirements. The contribution of this paper is the identification of a set of design requirements for an information security prediction market, and associated performance criteria. We present five categories of design requirements: Contracts, Trading Process, Participants and Incentives, Clearing House, and Market Management for the information security prediction market. Furthermore, we present six performance measures: Information Elicitation, Transparency, Efficiency, Transaction Cost, Liquidity, and Manipulation Resistance for the performance assessment of information security prediction market.