Factors impacting information security risk management in IT outsourcing: an agency theory perspective
Date
2021
Authors
Bhatti, B.M.
Mubarak, S.
Nagalingam, S.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
PACIS 2021 Proceedings, 2021, pp.1-14
Statement of Responsibility
Conference Name
25th Pacific Asia Conference on Information Systems (PACIS) (12 Jul 2021 - 14 Jul 2021 : Online/Virtual)
Abstract
Modern businesses increasingly depend on other service organisations. Hence IT outsourcing (ITO) is on the rise and is now a USD multi-trillion industry. Nevertheless, the success rate is low, suggesting the need for scrupulous risk management in ITO. The researchers have long raised information security risk management (ISRM) among the top concerns in ITO. This paper investigates the factors impacting ISRM in ITO. The study follows a qualitative approach using the case study method. Data were collected through semi-structured interviews. Three organisations with distinct ITO orientations were investigated. The investigation applied the technology-organisation environment framework supplemented with agency theory to suit the ITO context of this research. The study presents the findings in a seven-dimensional framework - technology, organisation, people, process, legal, environment and strategy (TOPPLES) framework. The framework was verified through a focus group