Title :
Information security risk management: An empirical study on the importance and practices in ICT outsourcing
Author :
Khidzir, Nik Zulkarnaen ; Arshad, Noor Habibah Hj ; Mohamed, Azlinah
Author_Institution :
Dept. of Syst. Sci., Univ. Teknol. MARA, Shah Alam, Malaysia
Abstract :
There are many organizations opt for outsourcing in order to cut cost and improve efficiency for their ICT services. On the other hand, ICT outsourcing could also contribute to some risks especially information risks that could jeopardize information asset in the company. An appropriate information security risk management (ISRM) in ICT outsourcing should be in place in order to minimize the potential risks and their impact to business operation as well as ICT services. The objective of this research is to conduct an empirical study on the relationship between importance and practices of ISRM in ICT Outsourcing. Questionnaires were distributed to various private companies and government agencies in Malaysia for the study. Findings of the study show that importance of ISRM process influences its practices in ICT outsourcing. Through the findings, information security risk professional would be able to identify the importance of ISRM and improve their practices in managing information security risk for ICT outsourcing projects. Finally, companies and government agencies need to improve their practices managing information risks in ICT Outsourcing.
Keywords :
DP management; outsourcing; risk management; security of data; ICT outsourcing; ICT services; companies; government agencies; information risks; information security risk management; Government; Information security; Monitoring; Outsourcing; Risk management; Empirical Analysis; Information Communication Technology; Information Security Risk Management; Outsourcing; Risk Mitigation;
Conference_Titel :
Information Technology (ITSim), 2010 International Symposium in
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4244-6715-0
DOI :
10.1109/ITSIM.2010.5561646
