Outsource or not? An AHP Based Decision Model for Information Security Management

IF 1.5 Q3 MANAGEMENT
Luka Jelovčan, Anže Mihelič, Kaja Prislan
{"title":"Outsource or not? An AHP Based Decision Model for Information Security Management","authors":"Luka Jelovčan, Anže Mihelič, Kaja Prislan","doi":"10.2478/orga-2022-0010","DOIUrl":null,"url":null,"abstract":"Abstract Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.","PeriodicalId":44901,"journal":{"name":"Organizacija","volume":"55 1","pages":"142 - 159"},"PeriodicalIF":1.5000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Organizacija","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/orga-2022-0010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MANAGEMENT","Score":null,"Total":0}
引用次数: 1

Abstract

Abstract Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.
是否外包?基于AHP的信息安全管理决策模型
摘要目的:外包信息安全已被证明是信息安全管理的有效解决方案;然而,它可能不是最适合每个组织的方法。这项研究旨在开发一个多标准决策模型,使组织能够确定哪种信息安全管理方法(外包或内部管理)更适合其需求和能力。方法:本研究采用了几种不同的研究方法。首先,通过审查相关工作来确定决策标准,然后由信息安全专家在焦点小组中进行选择。其次,在信息安全从业人员中进行了一项调查,以分配标准权重。第三,对四个真实世界的组织进行了四个用例,以评估所开发模型的可用性、易用性和有用性。结果:我们建立了一个基于层次分析法的十准则模型。调查结果表明,绩效相关标准比注重效率的标准更重要。来自用例的证据证明,决策模型对各种组织都是有用和合适的。结论:为了就信息安全管理做出明智的决定,各组织必须首先对其能力和需求进行彻底分析,并调查潜在的外部承包商。在这种情况下,拟议的模式可以作为决策过程中的一个有用的支持工具,以获得针对实际情况的明确建议。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Organizacija
Organizacija MANAGEMENT-
CiteScore
3.50
自引率
15.80%
发文量
15
审稿时长
16 weeks
期刊介绍: Organizacija (Journal of Management, Information Systems and Human Resources) is an interdisciplinary peer reviewed journal that seeks both theoretical and practical papers devoted to managerial aspects of the subject matter indicated in the title. In particular the journal focuses on papers which cover state-of art developments in the subject area of the journal, its implementation and use in the organizational practice. Organizacija is covered by numerous Abstracting & Indexing services, including SCOPUS.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信