The Derivation of a Conceptual Model for IT Security Outsourcing

Authors

W D. Wilde, Deakin University
M J. Warren, Deakin University
W Hutchinson, Edith Cowan University

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Comments

4th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 5th December, 2006

Abstract

IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model is discussed in detail.

DOI

10.4225/75/57b667ec34778