1,810 research outputs found
Outsourcing Information Security: The Role of Information Leakage in Outsourcing Decisions
Emerging research regarding the economics of outsourcing information security recommends that firms utilize full outsourcing due to its cost advantages but ignore the risk of information leakage. In our model, we take the information leakage into account, and show that it is necessary for a firm to assess the risk before outsourcing. Next, we divide a firm’s business operations into core business and non-core business operations and introduce a partial outsourcing strategy. We find that the security quality of partial outsourcing is always lower. Subsequently, we demonstrate the conditions for selecting from among three security strategies, i.e., in-house development, partial outsourcing and full outsourcing. Based on our results, in high-risk information leakage environments, we do not recommend outsourcing. We further demonstrate that outsourcing security of non-core business is an alternative strategy when the risk of information leakage is not high. A firm should shift from outsourcing to developing security protection in-house as the percentage of information assets utilized for core business increases. In addition, our results show that outsourcing information security of only core business is a strictly dominated strategy.
Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements
The interdependency of information security risks often induces firms to invest inefficiently in information technology security management. Cyberinsurance has been proposed as a promising solution to help firms optimize security spending. However, cyberinsurance is ineffective in addressing the investment inefficiency caused by risk interdependency. In this paper, we examine two alternative risk management approaches: risk pooling arrangements (RPAs) and managed security services (MSSs). We show that firms can use an RPA as a complement to cyberinsurance to address the overinvestment issue caused by negative externalities of security investments; however, the adoption of an RPA is not incentive-compatible for firms when the security investments generate positive externalities. We then show that the MSS provider serving multiple firms can internalize the externalities of security investments and mitigate the security investment inefficiency. As a result of risk interdependency, collective outsourcing arises as an equilibrium only when the total number of firms is small
Factors influencing the organizational decision to outsource IT security
IT security outsourcing is the process of contracting a third-party security service provider to perform the full or partial IT security functions of an organization. Little is known about the factors influencing organizational decisions in outsourcing such a critical function. Our review of the research and practice literature identified several managerial factors (e.g., cost-benefit, inability to cope with the threat environment) and legal factors (e.g., regulatory/legal compliance). We found research in IT security outsourcing to be immature and the focus areas not addressing the critical issues facing industry practice. We, therefore, present a research agenda consisting of fifteen questions to address five key gaps relating to knowledge of IT security outsourcing – i.e., the effectiveness of the outcome, lived experience of the practice, the temporal dimension, multi-stakeholder perspectives, and the impact on IT security practices, particularly agility in incident response.
EGovernance implementation model: Case study of the federal government agencies of Pakistan
Copyright @ 2013 EMCIS. This study examines the eGovernance potential to bring about structural changes in the way in which government agencies operate, interact and communicate internally and externally with its citizens. Public sector needs to adopt eGovernance that is focused on the citizen satisfaction. In many developed countries, the types and quality of public services provided by a Government to its citizens have evolved over time, due to their change in thinking regarding the role of Government, from being a traditional government to that of being a modern service provider. Thus, this study will focus on the complaint management information systems of the selected federal government agencies in Pakistan. Authors were able to derive the implementation model of eGovernance only after doing analysis of all of the data obtained from questionnaires, interviews and observations at the federal government level in Pakistan. Authors found that the overall outcome of the validation process indicated that the model is highly satisfactory to improve the overall eGovernance system to provide modern services to its citizens.
A data quarantine model to secure data in edge computing
Edge computing provides an agile data processing platform for latency-sensitive and communication-intensive applications through a decentralized cloud and geographically distributed edge nodes. Gaining centralized control over the edge nodes can be challenging due to security issues and threats. Among several security issues, data integrity attacks can lead to inconsistent data and intrude edge data analytics. Further intensification of the attack makes it challenging to mitigate and identify the root cause. Therefore, this paper proposes a new concept of data quarantine model to mitigate data integrity attacks by quarantining intruders. The efficient security solutions in cloud, ad-hoc networks, and computer systems using quarantine have motivated adopting it in edge computing. The data acquisition edge nodes identify the intruders and quarantine all the suspected devices through dimensionality reduction. During quarantine, the proposed concept builds the reputation scores to determine the falsely identified legitimate devices and sanitize their affected data to regain data integrity. As a preliminary investigation, this work identifies an appropriate machine learning method, linear discriminant analysis (LDA), for dimensionality reduction. The LDA results in 72.83% quarantine accuracy and 0.9 seconds training time, which is more efficient than other state-of-the-art methods. In future, this would be implemented and validated with ground truth data.
Seizing new possibilities for expanding the scope of Cybersecurity Research in Information Systems
As Cybersecurity continues to have a significant impact on modern society, there is a pressing need for a more comprehensive research agenda in Information Systems (IS). In this study, we conducted a thorough literature review of prominent IS journals to identify gaps in Cybersecurity research practices. Our findings indicate that there is a significant gap between research and practice, particularly in terms of focus on Cybersecurity behavioural factors in the past decade. To address this gap, we recommend that future Cybersecurity research in IS should adopt a broader perspective that incorporates relevant sociotechnical knowledge areas and theories. We provide an example of Cybersecurity research topics that go beyond behavioural aspects and suggest mapping of Cybersecurity sociotechnical research knowledge areas in Information Systems to guide future research efforts. This study highlights the importance of broadening the scope of Cybersecurity research in IS to address the complex Cybersecurity challenges in contemporary practice
APPLICATION OUTSOURCING IN THE BANKING INDUSTRY – ITO MODEL
Information Technology Outsourcing (ITO) in terms of the replacement of the in-house
production of IT activities by the use of third party suppliers had already started in the
1960s and has increased considerably. For 2013, the Gartner Group expected that the
global ITO market would reach a volume of 288 bn US dollars. Until 2017, the market
should grow on average about 5.4% yearly.
Despite the rich set of experiences companies have already had with ITO, the chances
of success are seen as at best 50:50. Currently, the dramatic growth of ITO is accompanied
by backsourcing of formerly outsourced IT functions or reports about dissatisfaction
and problems with ITO. Scientists put ITO failures or problems down to a lack of
modelling of all the possible factors affecting ITO success and demand a specific ITO
theory as a basis for better explaining and predicting successes and failures in an IT
sourcing context.
This thesis takes up this research gap. The aim of this thesis is to develop a novel ITO
Model which aids organisations in planning and implementing ITO solutions by guiding
them through the ITO process steps of preparation, selection, contract, transition, execution,
and post-deal comprising a comprehensive picture of the weighted aspects relevant
to ITO success and their interdependencies.
In order to achieve this aim, the following objectives were established for this thesis:
raising the topical level of scientific knowledge of the last decades about success-influencing
factors in the ITO field based on an extensive literature survey of 48 scientific
articles deriving ITO success factors from empirical research work; structuring of
this success factor knowledge by the development of two ITO taxonomies (taxonomy of
success factors and taxonomy of success factor interdependencies); testing its practical
applicability on the basis of 8 real long-running application outsourcing cases in the
banking industry; further development of the success factor knowledge by identification
of weightings and the temporal relevance of relevant success factors / success factor
interdependencies within the ITO process. Design of the novel ITO Model based on the
empirical knowledge gained by development of rules for relevant success factors and
success factor interdependencies, by arrangement of these rules in temporal order within
the ITO process and by assignment of these rules to four levels of environment
Developing and verifying a set of principles for the cyber security of the critical infrastructures of Turkey
Critical infrastructures are vital assets for countries as a harm given to critical infrastructures may affect public order, economic welfare and/or national security. Today, cyber systems are extensively used to control and monitor critical infrastructures. Therefore, cyber threats have the potential to adversely affect the order of societies and countries. In this PhD study, the root causes of the susceptibility of the critical infrastructures of Turkey to the cyber threats are identified by analyzing the qualitative data with the grounded theory method. The extracted root causes are verified by two experts. The set of principles for the cyber security of the critical infrastructures are determined by introducing the root causes to six experts in a five-phased Delphi survey. A state-level cyber security maturity model to measure the readiness level of the critical infrastructure protection efforts is developed by using the set of principles. Because maturity criteria are grounded on the root causes of the susceptibility to cyber threats, the maturity model is named Vulnerability Driven National Cyber Security Maturity Model. The readiness level of the critical infrastructure protection efforts of Turkey is measured by the participation of ten former/current government officials in the maturity survey. The root causes, the set of principles, and the results of the maturity survey are compared with the relevant studies of the academia, non-profit organizations and governments