Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir

Khidzir, Nik Zulkarnaen (2013) Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir. PhD thesis, Universiti Teknologi MARA.

Abstract

Information Communication Technology (ICT) services have become increasingly important in today’s business environment with most private and government agencies without sufficient resources and expertise outsourcing their ICT projects to vendors. However, this strategy could invite potentially damaging information security risks (ISRs). Subsequently, a dedicated framework for information security risk management for ICT outsourcing activities needs to be in place to address and manage its related risk factors. The research focuses on managing Information Security Risks (ISRs) in ICT outsourcing projects in a Malaysian environment. The mixed research method, combining the quantitative and qualitative was employed to achieve the research objectives. 110 respondents participated in a survey while focus groups from eight organizations were interviewed. From the quantitative study, the critical information security risks in ICT outsourcing project were identified and ranked. Furthermore, through an exploratory factor analysis, two additional critical Information Security Risk (ISR) factors were discovered, being information security management defects and the challenges of managing unexpected change of service providers. Results show that organizations practiced Information Security Risk- Identification; Information Security Risk-Analysis; Information Security Risk- Treatment Plan; Information Security Risk-Treatment Plan Implementation; Information Security Risk-Monitoring; and Information Security Risk-Control. However, there was divergence in the key activities practiced due to several factors. The findings were then used as a basis for the framework development. The framework proposed step-by-step processes, activities and guidelines to be taken in managing Information Security Risk (ISR). The case study results discovered organizations had excluded some of the processes and activities due to financial, resources and time constraints. However, the framework confirmatory done through expert-judgement proves that the framework had thoroughly assessed information security risk management from an outsourcing perspective and is applicable to ICT projects implemented in Malaysia. Fundamentally, the development of the framework will enable organizations to identify ISR factors and to urgently address them so that the full benefits of ICT outsourcing may be reaped.

Metadata

Item Type: Thesis (PhD)
Creators:
Creators
Email / ID Num.
Khidzir, Nik Zulkarnaen
UNSPECIFIED
Contributors:
Contribution
Name
Email / ID Num.
Thesis advisor
Arshad (Hj), Noor Habibah (Associate Prof. Dr.)
UNSPECIFIED
UNSPECIFIED
Mohamed (Hj), Azlinah (Prof. Dr.)
UNSPECIFIED
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Keywords: Information security; Risk factors; Management framework; ICT outsourcing
Date: 2013
URI: https://ir.uitm.edu.my/id/eprint/18328
Edit Item
Edit Item

Download

[thumbnail of 18328.pdf] Text
18328.pdf

Download (191kB)

Digital Copy

Digital (fulltext) is available at:

Physical Copy

Physical status and holdings:
Item Status:
Repairing

ID Number

18328

Indexing

Statistic

Statistic details