The importance of human factors when assessing outsourcing security risks

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University


Faculty of Computing, Health and Science


School of Computer and Information Science




Colwill, C., & Jones, A. (2007, December). The Importance of Human Factors when Assessing Outsourcing Security Risks. In Australian Information Security Management Conference (p. 27). Available here


The word is becoming increasingly interconnected and ways of doing business are evolving rapidly. Communications technology is ubiquitous and reliable and businesses are continuously seeking ways in which systems can be exploited to improve resilience, become more efficient and reduce costs. One way in which organisations seek to achieve this is by concentrating their efforts on core business processes and outsourcing non-core functions. However, outsourcing - and particularly offshoring - presents many security issues that must be considered throughout the lifetime of contracts. The scale of outsourcing and increasing technological and security complexity is making this task more difficult. Often neglected, or given low priority, are factors relating to the people who will be working on the contract. These factors will be driven by regional and cultural differences and will manifest themselves in differing security threat and risk profiles and risk management frameworks must be designed to recognise and cater for these variations. This paper is based on BT’s extensive global sourcing experience and describes some of the key human factors that can impact significantly on the success, or otherwise, of secure outsoucing. The application of technology alone will not provide solutions. Security controls need to be workable in a variety of environments and need to be designed, implemented and maintained with end user behaviour in mind. New approaches need to be considered for building and maintaining trust and secure relationships between organisations over time. Ownership of security is required, as is a means of building understanding and empathy with the cutomers’ need for security; this may only be effective in the long term rather than short term – and this in itself presents a major challenge in the outsourcing world with its high churn of personnel.



Access Rights




Link to publisher version (DOI)