Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed

Khidzir, Nik Zulkarnaen and Arshad, Noor Habibah and Mohamed, Azlinah (2010) Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed. Journal of Media and Information Warfare (JMIW), 3. pp. 77-104. ISSN 1985-563X

Abstract

Data security and protection are regarded as a serious information security
risk for information assets in IT outsourcing (ITO). Risk management and
analysis for security management is therefore an approach for determining
which security controls are appropriate and cost-effective to implement across
the organization to secure data and information assets in ITO. However,
previously established approaches do not focus extensively on information
security risk in ITO. For that reason, this paper introduces a conceptual
framework on information security risk management in IT outsourcing
(ISRM-ITO). An extensive literature review was conducted on the fundamental
concepts, theoretical background and previous findings on information security
risk management and ITO. Through the review, the theoretical foundation and
the processes that lead to success in managing information security risk in
ITO were identified, and these findings became key components in developing
the conceptual framework. The ISRM-ITO conceptual framework consists of two
layers. The first layer concentrates on identifying and analyzing information
security risks before the decision to outsource is made. The second layer
covers the information security risk management approach used to analyze,
mitigate and monitor risks for the rest of the ITO lifecycle. The proposed
conceptual framework could improve organizational practices in the study of
information security for IT outsourcing through the adoption of a risk
management approach. Finally, an approach to determine cost-effective security
controls for information security risk can be implemented successfully in the
ITO cycle.

Metadata

Item Type: Article
Creators (Email / ID Num.):
Khidzir, Nik Zulkarnaen (UNSPECIFIED)
Arshad, Noor Habibah (UNSPECIFIED)
Mohamed, Azlinah (UNSPECIFIED)
Subjects: H Social Sciences > HD Industries. Land use. Labor > Industry > Contracting. Letting of contracts. Contracting out
H Social Sciences > HD Industries. Land use. Labor > Management. Industrial Management > Electronic data processing. Information technology. Knowledge economy. Including artificial intelligence and knowledge management
H Social Sciences > HD Industries. Land use. Labor > Risk management. Risk in industry. Operational risk
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Communication and Media Studies > Centre for Media and Information Warfare Studies (CMIWS)
Journal or Publication Title: Journal of Media and Information Warfare (JMIW)
UiTM Journal Collections: UiTM Journal > Journal of Media and Information Warfare (JMIW)
ISSN: 1985-563X
Volume: 3
Page Range: pp. 77-104
Keywords: Risk Management, Information Security, IT Outsourcing, Conceptual Framework, Risk Mitigation
Date: 2010
URI: https://ir.uitm.edu.my/id/eprint/10953

Download

AJ_NIK ZULKARNAEN KHIDZIR JMIW 10.pdf (Text, 3MB)

ID Number: 10953
