Managing the outsourcing of information security processes: the 'cloud' solution

Information security processes and systems are relevant for any organization and involve medium-to-high investment; however, the current economic downturn is causing a dramatic reduction in spending on Information Technology (IT). Cloud computing (i.e., externalization of one or more IT services) might be a solution for organizations keen to maintain a good level of security. In this paper we discuss whether cloud computing is a valid alternative to in-house security processes and systems drawing on four mini-case studies of higher education institutions in New England, US. Our findings show that the organization’s IT spending capacity affects the choice to move to the cloud; however, the perceived security of the cloud and the perceived in-house capacity to provide high quality IT (and security) services moderate this relationship. Moreover, other variables such as (low) quality of technical support, relatively incomplete contracts, poor defined Service License Agreements (SLA), and ambiguities over data ownership affect the choice to outsource IT (and security) using the cloud. We suggest that, while cloud computing could be a useful means of IT outsourcing, there needs to be a number of changes and improvements to how the service is currently delivered

Outsourcing information systems: Drawing lessons from a banking case study

Financial and costs benefits are often put forward as the reasons why organisations decide to outsource. Emerging patterns and trends indicate that today’s outsourcing decisions are often motivated by factors other than cost. Thus, the decision-making process is more complex than it may at first appear. This paper presents findings from a case study from an organisation in the UK banking sector that was motivated to outsource aspects of its information technology/information system (IT/IS). The underlying motives and decision-making process that influenced the bank outsource its IT/IS are presented and discussed. Findings from the case study suggest political perspectives, as well as human and organisational issues influenced the bank’s strategic decision-making to outsource certain aspects of its business. An examination of the case study findings suggests that cost alone is not always responsible for decisions to outsource, as it was found the bank’s outsourcing decision was driven by a series of complex, interrelated motives in a bid to reduce the risks and uncertainties of managing its own technology. Considering the complex nature of the outsourcing process a frame of reference that can be used to assist managers with their decision to outsource IT/IS is propagated. The case study is used to present an organisation’s experiences as to how and why it decided to outsource its IS and thus offers a learning opportunity for other organisations facing similar difficulties. In addition, the case study findings highlight the need to focus greater attention on discriminating between the short and long-term consequences of IT/IS decision-makin

Applying Real Options Thinking to Information Security in Networked Organizations

An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and nonrepudiation of authorized users of these assets. We assume that the primary objective of security efforts in a company is improving and sustaining resiliency, which means security contributes to the ability of an organization to withstand discontinuities and disruptive events, to get back to its normal operating state, and to adapt to ever changing risk environments. When companies collaborating in a value web view security as a business issue, risk assessment and cost-benefit analysis techniques are necessary and explicit part of their process of resource allocation and budgeting, no matter if security spendings are treated as capital investment or operating expenditures. This paper contributes to the application of quantitative approaches to assessing risks, costs, and benefits associated with the various components making up the security strategy of a company participating in value networks. We take a risk-based approach to determining what types of security a strategy should include and how much of each type is enough. We adopt a real-options-based perspective of security and make a proposal to value the extent to which alternative components in a security strategy contribute to organizational resiliency and protect key information assets from being impeded, disrupted, or destroyed

Locating Decision Rights: Evidence from the Mutual Fund Industry

Mutual fund advisors make portfolio decisions for their funds on a daily basis. We examine the location of these portfolio decision rights on two dimensions. First, we consider the geographic location of the decision rights. Second, we consider whether the decision rights remain with an advisor or are allocated to an independent sub-advisor. We argue that the allocation of portfolio decision rights involves a tradeoff between the opportunity cost of not matching decision rights with specific knowledge, and the agency costs associated with moving the decision rights to the specific knowledge. The patterns in the location of decision rights are consistent with the tradeoff being a meaningful determinant of the allocation of decision rights in the mutual fund industry. We also find that funds that are predicted to be sub-advised and are sub-advised outperform those that are predicted to be sub-advised but are not

To outsource or not to outsource!

In this article we will take a look at the phenomena of outsourcing as an overarching business concept that is, in short, about contracting of a specific bit of our business to a third part organisation. Consequently, outsourcing is a natural part of the make, share or buy continuum, as illustrated in Figure 1. We would, therefore, argue that outsourcing is not a new business phenomena as it has been commonly practiced since the early times of industrialisation, even though recently it has been enjoying renewed attention fuelled by the globalising forces

The Knowledge Application and Utilization Framework Applied to Defense COTS: A Research Synthesis for Outsourced Innovation

Purpose -- Militaries of developing nations face increasing budget pressures, high operations tempo, a blitzing pace of technology, and adversaries that often meet or beat government capabilities using commercial off-the-shelf (COTS) technologies. The adoption of COTS products into defense acquisitions has been offered to help meet these challenges by essentially outsourcing new product development and innovation. This research summarizes extant research to develop a framework for managing the innovative and knowledge flows. Design/Methodology/Approach – A literature review of 62 sources was conducted with the objectives of identifying antecedents (barriers and facilitators) and consequences of COTS adoption. Findings – The DoD COTS literature predominantly consists of industry case studies, and there’s a strong need for further academically rigorous study. Extant rigorous research implicates the importance of the role of knowledge management to government innovative thinking that relies heavily on commercial suppliers. Research Limitations/Implications – Extant academically rigorous studies tend to depend on measures derived from work in information systems research, relying on user satisfaction as the outcome. Our findings indicate that user satisfaction has no relationship to COTS success; technically complex governmental purchases may be too distant from users or may have socio-economic goals that supersede user satisfaction. The knowledge acquisition and utilization framework worked well to explain the innovative process in COTS. Practical Implications – Where past research in the commercial context found technological knowledge to outweigh market knowledge in terms of importance, our research found the opposite. Managers either in government or marketing to government should be aware of the importance of market knowledge for defense COTS innovation, especially for commercial companies that work as system integrators. Originality/Value – From the literature emerged a framework of COTS product usage and a scale to measure COTS product appropriateness that should help to guide COTS product adoption decisions and to help manage COTS product implementations ex post

Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model

"The Role of the Senior HR Executive in Japan and the United States: Companies, Countries, and Convergence"

Based on data from an original survey of senior HR executives in Japan and the United States, this paper provides empirical data for evaluating institutional convergence. In both countries, the headquarters HR function has shrunk and that employment decisions have become more decentralized. However, because the pace of change has been more rapid in the U.S., the national gap has widened. Differences persist in other areas, such as the HR executive's role in strategic decisions, perceived power of the HR function, how executives balance shareholder and employee interests, and the consequences of these decisions for corporate governance and organizational outcomes.

Options for Human Capital Acquisition

An \u27options\u27 view of human capital acquisition explains value creation through timedeferred, sequential, path-dependent investment choices and addresses gaps in the resourcebased theory explanation of the relationship between human resources and competitive advantage. Firms will invest in options for human capital, using alternative employment arrangements like temporary/contractual/part-time workers and internships, or by outsourcing the work, when uncertainty associated with human capital is high and investments in human capital are largely irreversible. We discuss various options for skills and employees, two interrelated components of human capital. These are flexibility options, options to wait or defer, options to abandon, learning options, and switching options. The opportunity cost of not having options is quantifiable, which makes the real options approach valuable for strategic HRM decisions