Australian Information Security Management Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


4th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 5th December, 2006


IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model is discussed in detail.