Abstract
In this paper we present an analysis of top security issues related to IT outsourcing. Identification of top issues is important since there is a limited understanding of security in outsourcing relationships. Such an analysis will help decision makers in appropriate strategic planning for secure outsourcing. Our analysis is conducted through a two-phase approach. First, a Delphi study is undertaken to identify the top issues. Second, an intensive study of phase one results is undertaken to better understand the reasons for the different perceptions.
Chapter PDF
References
Arora, A.: Contracting for tacit knowledge: the provision of technical services in technology licensing contracts. Journal of Development Economics 50(2), 233–256 (1996)
Barthelemy, J.: The hidden costs of IT outsourcing. MIT Sloan Management Review 42(3), 60–69 (2001)
Bojanc, R., Jerman-Blažič, B.: An economic modelling approach to information security risk management. International Journal of Information Management 28(5), 413–422 (2008)
Chang, A.J.T., Yeh, Q.J.: On security preparations against possible IS threats across industries. Information Management & Computer Security 14(4), 343–360 (2006)
Colwill, C., Gray, A.: Creating an effective security risk model for outsourcing decisions. BT Technology Journal 25(1), 79–87 (2007)
Dhillon, G.: Organizational competence in harnessing IT: a case study. Information & Management 45(5), 297–303 (2008)
Dibbern, J., Goles, T., Hirschheim, R., Jayatilaka, B.: Information systems outsourcing: a survey and analysis of the literature. ACM SIGMIS Database 35(4), 6–102 (2004)
Dlamini, M.T., Eloff, J.H., Eloff, M.M.: Information security: The moving target. Computers & Security 28(3), 189–198 (2009)
Doomun, M.R.: Multi-level information system security in outsourcing domain. Business Process Management Journal 14(6), 849–857 (2008)
Earl, M.J.: The risks of outsourcing IT. Sloan Management Review 37, 26–32 (1996)
Fulford, H., Doherty, N.F.: The application of information security policies in large UK-based organizations: an exploratory investigation. Information Management & Computer Security 11(3), 106–114 (2003)
Goles, T.: The Impact of Client-Vendor Relationship on Outsourcing Success. University of Houston, Houston (2001)
Henderson, J.C., Venkatraman, N.: Strategic alignment: leveraging information technology for transforming organisations. IBM Systems Journal 32(1), 4–16 (1993)
Kaiser, K.M., Hawk, S.: Evolution of offshore software development: From outsourcing to cosourcing. MIS Quarterly Executive 3(2), 69–81 (2004)
Kern, T., Willcocks, L.P., Lacity, M.C.: Application service provision: Risk assessment and mitigation. MIS Quarterly Executive 1(2), 113–126 (2002)
Khalfan, A.M.: Information security considerations in IS/IT outsourcing projects: a descriptive case study of two sectors. International Journal of Information Management 24(1), 29–42 (2004)
Lacity, M.C., Willcocks, L.P.: An Empirical Investigation of Information Technology Sourcing Practices: Lessons from Experience. MIS Quarterly 22(3), 363–408 (1998)
Lacity, M.C., Khan, S., Yan, A., Willcocks, L.P.: A review of the IT outsourcing empirical literature and future research directions. Journal of Information Technology 25(4), 395–433 (2010)
Levina, N., Ross, J.W.: From the vendor’s perspective: exploring the value proposition in information technology outsourcing. MIS Quarterly, 331–364 (2003)
Livari, J.: The organizational fit of information systems. Information Systems Journal 2(1), 3–29 (1992)
Loch, K.D., Carr, H.H., Warkentin, M.E.: Threats to information systems: today’s reality, yesterday’s understanding. MIS Quarterly, 173–186 (1992)
Miranda, S.M., Kavan, C.B.: Moments of governance in IS outsourcing: conceptualizing effects of contracts on value capture and creation. Journal of Information Technology 20(3), 152–169 (2005)
Nassimbeni, G., Sartor, M., Dus, D.: Security risks in service offshoring and outsourcing. Industrial Management & Data Systems 112(3), 4–4 (2012)
Nightingale, D.V., Toulouse, J.M.: Toward a multilevel congruence theory of organization. Administrative Science Quarterly, 264–280 (1977)
Norman, P.M.: Protecting knowledge in strategic alliances: Resource and relational characteristics. The Journal of High Technology Management Research 13(2), 177–202 (2002)
Okoli, C., Pawlowski, S.D.: The Delphi method as a research tool: an example, design considerations and applications. Information & Management 42(1), 15–29 (2004)
Osei-Bryson, K.-M., Ngwenyama, O.K.: Managing risks in information systems outsourcing: an approach to analyzing outsourcing risks and structuring incentive contracts. European Journal of Operational Research 174(1), 245–264 (2006)
Pai, A.K., Basu, S.: Offshore technology outsourcing: overview of management and legal issues. Business Process Management Journal 13(1), 21–46 (2007)
Posthumus, S., Von Solms, R.: A framework for the governance of information security. Computers & Security 23(8), 638–646 (2004)
Raghu, T.: Cyber-security policies and legal frameworks governing Business Process and IT Outsourcing arrangements. Paper Presented at the Indo-US Conference on Cyber-Security, Cyber-Crime & Cyber Forensics (2009)
Sakthivel, S.: Managing risk in offshore systems development. Communications of the ACM 50(4), 69–75 (2007)
Schmidt, R.C.: Managing Delphi surveys using nonparametric statistical techniques. Decision Sciences 28(3), 763–774 (1997)
Sterman, J.D., Repenning, N.P., Kofman, F.: Unanticipated side effects of successful quality programs: Exploring a paradox of organizational improvement. Management Science 43(4), 503–521 (1997)
Tickle, I.: Data integrity assurance in a layered security strategy. Computer Fraud & Security 2002(10), 9–13 (2002)
Tran, E., Atkinson, M.: Security of personal data across national borders. Information Management & Computer Security 10(5), 237–241 (2002)
Venkatraman, N.: Beyond outsourcing: managing IT resources as a value center. Sloan Management Review 38(3), 51–64 (1997)
Wei, Y., Blake, M.: Service-oriented computing and cloud computing: Challenges and opportunities. IEEE Internet Computing 14(6), 72–75 (2010)
Willcocks, L., Lacity, M.C.: Relationships in IT Outsourcing: A Stakholder Perspective. In: Zmud, R. (ed.) Framing the Domains of IT Management, pp. 355–384. Pinnaflex Inc., Ohio (2000)
Willcocks, L., Hindle, J., Feeny, D., Lacity, M.: IT and business process outsourcing: The knowledge potential. Information Systems Management 21(3), 7–15 (2004)
Wüllenweber, K., Beimborn, D., Weitzel, T., König, W.: The impact of process standardization on business process outsourcing success. Information Systems Frontiers 10(2), 211–224 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Dhillon, G., Chowdhuri, R., de Sá-Soares, F. (2013). Secure Outsourcing: An Investigation of the Fit between Clients and Providers. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-39218-4_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer ScienceComputer Science (R0)