Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed

Data security and protection are seriously considered as information security risk for information asset in IT outsourcing (ITO). Therefore, risk management and analysis for security management is an approach to determine which security controls are appropriate and cost effective to be implemented a...

Bibliographic Details
Main Authors: Khidzir, Nik Zulkarnaen (Author), Arshad, Noor Habibah (Author), Mohamed, Azlinah (Author)
Format: Book
Published: CMIWS and UiTM Press, 2010.
Subjects:
Online Access: Link Metadata

MARC

LEADER 00000 am a22000003u 4500
001 repouitm_10953
042 |a dc 
100 1 0 |a Khidzir, Nik Zulkarnaen  |e author 
700 1 0 |a Arshad, Noor Habibah  |e author 
700 1 0 |a Mohamed, Azlinah  |e author 
245 0 0 |a Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed 
260 |b CMIWS and UiTM Press,   |c 2010. 
500 |a https://ir.uitm.edu.my/id/eprint/10953/1/AJ_NIK%20ZULKARNAEN%20KHIDZIR%20JMIW%2010.pdf 
520 |a Data security and protection are seriously considered as information security risk for information asset in IT outsourcing (ITO). Therefore, risk management and analysis for security management is an approach to determine which security controls are appropriate and cost effective to be implemented across organization for ITO to secure data/information asset. However, previous established approach does not extensively focus into information security risk in ITO. For that reason, a conceptual framework on information security risk management in IT outsourcing (ISRM-ITO) will be introduced throughout this paper. An extensive amount of literature review on fundamental concepts, theoretical background and previous findings on information security risk management and ITO had been conducted. Throughout the review, theoretical foundation and the process that lead to success in managing information security risk ITO were identified and these findings become a key component in developing the conceptual framework. ISRM-ITO conceptual framework consists of two layers. The first layer concentrates on information security risks identification and analysis before the decision is made to outsource it. The second layer will cover the approach of information security risk management which is used to analyze, mitigate and monitor risks for the rest of the ITO lifecycle. Proposed conceptual framework could improve organization practices in information security study for IT outsourcing through the adoption of risk management approach. Finally, an approach to determine a cost effective security control for information security risk can be implemented successfully in the ITO cycle. 
546 |a en 
690 |a Contracting. Letting of contracts. Contracting out 
690 |a Electronic data processing. Information technology. Knowledge economy. Including artificial intelligence and knowledge management 
690 |a Risk management. Risk in industry. Operational risk 
655 7 |a Article  |2 local 
655 7 |a PeerReviewed  |2 local 
787 0 |n https://ir.uitm.edu.my/id/eprint/10953/ 
787 0 |n https://jmiw.uitm.edu.my/ 
856 4 1 |u https://ir.uitm.edu.my/id/eprint/10953/  |z Link Metadata