A Framework for Information Security Risk Management in IT Outsourcing

Qualitative researchers in business and management information systems fields often need to employ a method of inter-coder reliability to test the trustworthiness of the findings of their content analysis. A suitable method for checking the inter-coder reliability enables researchers to rigorously assess the degree of agreement among two or more independent qualitative coders. By employing this method, researchers can identify mistakes in the content analysis before the codes are used in developing and testing a theory or a measurement model and avoid any associated time, effort and financial cost. However, little guidance is available on what method of inter-coder reliability check should be used. In this paper, we present a critical analysis of these methods that are suitable for qualitative business and management IS research, and provide an example of how we employed the most rigorous method among these methods for a qualitative behavioural IS study

Factors Impacting Information Security Risk Management in IT Outsourcing: An Agency Theory Perspective

Modern businesses increasingly depend on other service organisations. Hence IT outsourcing (ITO) is on the rise and is now a USD multi-trillion industry. Nevertheless, the success rate is low, suggesting the need for scrupulous risk management in ITO. The researchers have long raised information security risk management (ISRM) among the top concerns in ITO. This paper investigates the factors impacting ISRM in ITO. The study follows a qualitative approach using the case study method. Data were collected through semi-structured interviews. Three organisations with distinct ITO orientations were investigated. The investigation applied the technology-organisationenvironment framework supplemented with agency theory to suit the ITO context of this research. The study presents the findings in a seven-dimensional framework - technology, organisation, people, process, legal, environment and strategy (TOPPLES) framework. The framework was verified through a focus grou