Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir

Information Communication Technology (ICT) services have become increasingly important in today’s business environment with most private and government agencies without sufficient resources and expertise outsourcing their ICT projects to vendors. However, this strategy could invite potentially damag...

Full description

Saved in:
Bibliographic Details
Main Author: Khidzir, Nik Zulkarnaen
Format: Thesis
Language:English
Published: 2013
Online Access:https://ir.uitm.edu.my/id/eprint/18328/1/18328.pdf
https://ir.uitm.edu.my/id/eprint/18328/
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.uitm.ir.18328
record_format eprints
spelling my.uitm.ir.183282022-07-14T07:54:16Z https://ir.uitm.edu.my/id/eprint/18328/ Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir Khidzir, Nik Zulkarnaen Information Communication Technology (ICT) services have become increasingly important in today’s business environment with most private and government agencies without sufficient resources and expertise outsourcing their ICT projects to vendors. However, this strategy could invite potentially damaging information security risks (ISRs). Subsequently, a dedicated framework for information security risk management for ICT outsourcing activities needs to be in place to address and manage its related risk factors. The research focuses on managing Information Security Risks (ISRs) in ICT outsourcing projects in a Malaysian environment. The mixed research method, combining the quantitative and qualitative was employed to achieve the research objectives. 110 respondents participated in a survey while focus groups from eight organizations were interviewed. From the quantitative study, the critical information security risks in ICT outsourcing project were identified and ranked. Furthermore, through an exploratory factor analysis, two additional critical Information Security Risk (ISR) factors were discovered, being information security management defects and the challenges of managing unexpected change of service providers. Results show that organizations practiced Information Security Risk- Identification; Information Security Risk-Analysis; Information Security Risk- Treatment Plan; Information Security Risk-Treatment Plan Implementation; Information Security Risk-Monitoring; and Information Security Risk-Control. However, there was divergence in the key activities practiced due to several factors. The findings were then used as a basis for the framework development. The framework proposed step-by-step processes, activities and guidelines to be taken in managing Information Security Risk (ISR). The case study results discovered organizations had excluded some of the processes and activities due to financial, resources and time constraints. However, the framework confirmatory done through expert-judgement proves that the framework had thoroughly assessed information security risk management from an outsourcing perspective and is applicable to ICT projects implemented in Malaysia. Fundamentally, the development of the framework will enable organizations to identify ISR factors and to urgently address them so that the full benefits of ICT outsourcing may be reaped. 2013 Thesis NonPeerReviewed text en https://ir.uitm.edu.my/id/eprint/18328/1/18328.pdf Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir. (2013) PhD thesis, thesis, Universiti Teknologi MARA.
institution Universiti Teknologi Mara
building Tun Abdul Razak Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Mara
content_source UiTM Institutional Repository
url_provider http://ir.uitm.edu.my/
language English
description Information Communication Technology (ICT) services have become increasingly important in today’s business environment with most private and government agencies without sufficient resources and expertise outsourcing their ICT projects to vendors. However, this strategy could invite potentially damaging information security risks (ISRs). Subsequently, a dedicated framework for information security risk management for ICT outsourcing activities needs to be in place to address and manage its related risk factors. The research focuses on managing Information Security Risks (ISRs) in ICT outsourcing projects in a Malaysian environment. The mixed research method, combining the quantitative and qualitative was employed to achieve the research objectives. 110 respondents participated in a survey while focus groups from eight organizations were interviewed. From the quantitative study, the critical information security risks in ICT outsourcing project were identified and ranked. Furthermore, through an exploratory factor analysis, two additional critical Information Security Risk (ISR) factors were discovered, being information security management defects and the challenges of managing unexpected change of service providers. Results show that organizations practiced Information Security Risk- Identification; Information Security Risk-Analysis; Information Security Risk- Treatment Plan; Information Security Risk-Treatment Plan Implementation; Information Security Risk-Monitoring; and Information Security Risk-Control. However, there was divergence in the key activities practiced due to several factors. The findings were then used as a basis for the framework development. The framework proposed step-by-step processes, activities and guidelines to be taken in managing Information Security Risk (ISR). The case study results discovered organizations had excluded some of the processes and activities due to financial, resources and time constraints. However, the framework confirmatory done through expert-judgement proves that the framework had thoroughly assessed information security risk management from an outsourcing perspective and is applicable to ICT projects implemented in Malaysia. Fundamentally, the development of the framework will enable organizations to identify ISR factors and to urgently address them so that the full benefits of ICT outsourcing may be reaped.
format Thesis
author Khidzir, Nik Zulkarnaen
spellingShingle Khidzir, Nik Zulkarnaen
Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
author_facet Khidzir, Nik Zulkarnaen
author_sort Khidzir, Nik Zulkarnaen
title Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
title_short Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
title_full Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
title_fullStr Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
title_full_unstemmed Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
title_sort information security risk factors and management framework for ict outsourcing / nik zulkarnaen khidzir
publishDate 2013
url https://ir.uitm.edu.my/id/eprint/18328/1/18328.pdf
https://ir.uitm.edu.my/id/eprint/18328/
_version_ 1738513836371083264
score 13.211869