Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed

Data security and protection are seriously considered as information security risk for information asset in IT outsourcing (ITO). Therefore, risk management and analysis for security management is an approach to determine which security controls are appropriate and cost effective to be implemente...

Full description

Bibliographic Details
Main Authors: Khidzir, Nik Zulkarnaen, Arshad, Noor Habibah, Mohamed, Azlinah
Format: Article
Language:English
Published: CMIWS and UiTM Press 2010
Subjects:
Online Access:http://ir.uitm.edu.my/id/eprint/10953/
http://ir.uitm.edu.my/id/eprint/10953/1/AJ_NIK%20ZULKARNAEN%20KHIDZIR%20JMIW%2010.pdf
id uitm-10953
recordtype eprints
spelling uitm-109532016-04-14T03:34:28Z http://ir.uitm.edu.my/id/eprint/10953/ Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed Khidzir, Nik Zulkarnaen Arshad, Noor Habibah Mohamed, Azlinah Contracting. Letting of contracts. Contracting out Electronic data processing. Information technology. Knowledge economy. Including artificial intelligence and knowledge management Risk management. Risk in industry. Operational risk Data security and protection are seriously considered as information security risk for information asset in IT outsourcing (ITO). Therefore, risk management and analysis for security management is an approach to determine which security controls are appropriate and cost effective to be implemented across organization for ITO to secure data/information asset. However, previous established approach does not extensively focus into information security risk in ITO. For that reason, a conceptual framework on information security risk management in IT outsourcing (ISRM-ITO) will be introduced throughout this paper. An extensive amount of literature review on fundamental concepts, theoretical background and previous findings on information security risk management and ITO had been conducted. Throughout the review, theoretical foundation and the process that lead to success in managing information security risk ITO were identified and these findings become a key component in developing the conceptual framework. ISRM-ITO conceptual framework consists of two layers. The first layer concentrates on information security risks identification and analysis before the decision is made to outsource it. The second layer will cover the approach of information security risk management which is used to analyze, mitigate and monitor risks for the rest of the ITO lifecycle. Proposed conceptual framework could improve organization practices in information security study for IT outsourcing through the adoption of risk management approach. Finally, an approach to determine a cost effective security control for information security risk can be implemented successfully in the ITO cycle. CMIWS and UiTM Press 2010 Article PeerReviewed text en http://ir.uitm.edu.my/id/eprint/10953/1/AJ_NIK%20ZULKARNAEN%20KHIDZIR%20JMIW%2010.pdf Khidzir, Nik Zulkarnaen and Arshad, Noor Habibah and Mohamed, Azlinah (2010) Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed. Journal of Media and Information Warfare, 3. pp. 77-104. ISSN 1985-563X
repository_type Digital Repository
institution_category Local University
institution Universiti Teknologi MARA
building UiTM Institutional Repository
collection Online Access
language English
topic Contracting. Letting of contracts. Contracting out
Electronic data processing. Information technology. Knowledge economy. Including artificial intelligence and knowledge management
Risk management. Risk in industry. Operational risk
spellingShingle Contracting. Letting of contracts. Contracting out
Electronic data processing. Information technology. Knowledge economy. Including artificial intelligence and knowledge management
Risk management. Risk in industry. Operational risk
Khidzir, Nik Zulkarnaen
Arshad, Noor Habibah
Mohamed, Azlinah
Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed
description Data security and protection are seriously considered as information security risk for information asset in IT outsourcing (ITO). Therefore, risk management and analysis for security management is an approach to determine which security controls are appropriate and cost effective to be implemented across organization for ITO to secure data/information asset. However, previous established approach does not extensively focus into information security risk in ITO. For that reason, a conceptual framework on information security risk management in IT outsourcing (ISRM-ITO) will be introduced throughout this paper. An extensive amount of literature review on fundamental concepts, theoretical background and previous findings on information security risk management and ITO had been conducted. Throughout the review, theoretical foundation and the process that lead to success in managing information security risk ITO were identified and these findings become a key component in developing the conceptual framework. ISRM-ITO conceptual framework consists of two layers. The first layer concentrates on information security risks identification and analysis before the decision is made to outsource it. The second layer will cover the approach of information security risk management which is used to analyze, mitigate and monitor risks for the rest of the ITO lifecycle. Proposed conceptual framework could improve organization practices in information security study for IT outsourcing through the adoption of risk management approach. Finally, an approach to determine a cost effective security control for information security risk can be implemented successfully in the ITO cycle.
format Article
author Khidzir, Nik Zulkarnaen
Arshad, Noor Habibah
Mohamed, Azlinah
author_facet Khidzir, Nik Zulkarnaen
Arshad, Noor Habibah
Mohamed, Azlinah
author_sort Khidzir, Nik Zulkarnaen
title Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed
title_short Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed
title_full Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed
title_fullStr Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed
title_full_unstemmed Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed
title_sort conceptual framework on information security risk management in information technology outsourcing / nik zulkarnaen khidzir, noor habibah arshad and azlinah mohamed
publisher CMIWS and UiTM Press
publishDate 2010
url http://ir.uitm.edu.my/id/eprint/10953/
http://ir.uitm.edu.my/id/eprint/10953/1/AJ_NIK%20ZULKARNAEN%20KHIDZIR%20JMIW%2010.pdf
first_indexed 2023-09-18T22:47:49Z
last_indexed 2023-09-18T22:47:49Z
_version_ 1777417343276679168