Information assets security requirement: The relationship between confidentiality and availability of information assets in ICT outsourcing

Information Communication Technology (ICT) Outsourcing provides an effective ways to cut cost and improve efficiency in ICT services. However, the strategy could invite some risks including information security risk. Therefore, fundamental concepts of information security requirements such as confidentiality, integrity and availability for information assets involved in ICT outsourcing cycle need to be identified extensively to ensure these information assets are secure from security risks. Hence, the main objective of this research is to conduct an empirical study on relationship between information assets confidentiality and availability in ICT outsourcing. Questionnaires were distributed to 300 private companies from various industry and government agencies in Malaysia for the study. Findings reveal that the higher the confidentiality level, the higher the availability level of the information assets. However, the findings revealed dissimilar relationship strength between confidentiality and availability of information assets in ICT outsourcing phases. Strong positive relationship exists between confidentiality and availability in Selection of Service Provider and On-going Monitoring phase. But, moderate positive relationship exists in Analysis of Decision to Outsource and Contract Management phases. Based from these findings, organization could improve their plan and practices in managing information assets and to urgently address information security risks in ICT outsourcing project implementation.