Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir

Information Communication Technology (ICT) services have become increasingly important in today’s business environment with most private and government agencies without sufficient resources and expertise outsourcing their ICT projects to vendors. However, this strategy could invite potentially damag...


Bibliographic Details
Main Author: Khidzir, Nik Zulkarnaen
Format: Thesis
Language: English
Published: 2013
Online Access: http://ir.uitm.edu.my/id/eprint/18328/
http://ir.uitm.edu.my/id/eprint/18328/1/ABS_NIK%20ZULKARNAEN%20KHIDZIR%20TDRA%20VOL%204%20IGS%2013.pdf
id uitm-18328
recordtype eprints
spelling uitm-18328 2018-10-05T01:55:19Z http://ir.uitm.edu.my/id/eprint/18328/ Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir Khidzir, Nik Zulkarnaen
Information Communication Technology (ICT) services have become increasingly important in today’s business environment with most private and government agencies without sufficient resources and expertise outsourcing their ICT projects to vendors. However, this strategy could invite potentially damaging information security risks (ISRs). Subsequently, a dedicated framework for information security risk management for ICT outsourcing activities needs to be in place to address and manage its related risk factors. The research focuses on managing Information Security Risks (ISRs) in ICT outsourcing projects in a Malaysian environment. The mixed research method, combining the quantitative and the qualitative, was employed to achieve the research objectives. 110 respondents participated in a survey while focus groups from eight organizations were interviewed. From the quantitative study, the critical information security risks in ICT outsourcing projects were identified and ranked. Furthermore, through an exploratory factor analysis, two additional critical Information Security Risk (ISR) factors were discovered, being information security management defects and the challenges of managing unexpected change of service providers. Results show that organizations practiced Information Security Risk-Identification; Information Security Risk-Analysis; Information Security Risk-Treatment Plan; Information Security Risk-Treatment Plan Implementation; Information Security Risk-Monitoring; and Information Security Risk-Control. However, there was divergence in the key activities practiced due to several factors. The findings were then used as a basis for the framework development. The framework proposed step-by-step processes, activities and guidelines to be taken in managing Information Security Risk (ISR). The case study results discovered organizations had excluded some of the processes and activities due to financial, resource and time constraints. However, the framework confirmation done through expert judgement proves that the framework had thoroughly assessed information security risk management from an outsourcing perspective and is applicable to ICT projects implemented in Malaysia. Fundamentally, the development of the framework will enable organizations to identify ISR factors and to urgently address them so that the full benefits of ICT outsourcing may be reaped.
2013 Thesis NonPeerReviewed text en http://ir.uitm.edu.my/id/eprint/18328/1/ABS_NIK%20ZULKARNAEN%20KHIDZIR%20TDRA%20VOL%204%20IGS%2013.pdf
Khidzir, Nik Zulkarnaen (2013) Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir. PhD thesis, Universiti Teknologi MARA.
repository_type Digital Repository
institution_category Local University
institution Universiti Teknologi MARA
building UiTM Institutional Repository
collection Online Access
language English
format Thesis
author Khidzir, Nik Zulkarnaen
title Information security risk factors and management framework for ICT outsourcing / Nik Zulkarnaen Khidzir
publishDate 2013
url http://ir.uitm.edu.my/id/eprint/18328/
http://ir.uitm.edu.my/id/eprint/18328/1/ABS_NIK%20ZULKARNAEN%20KHIDZIR%20TDRA%20VOL%204%20IGS%2013.pdf
first_indexed 2023-09-18T23:00:16Z
last_indexed 2023-09-18T23:00:16Z
_version_ 1777418126588116992