Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review

IF 3 4区 管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE
Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam
{"title":"Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review","authors":"Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam","doi":"10.1080/1097198X.2021.1993725","DOIUrl":null,"url":null,"abstract":"ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.","PeriodicalId":45982,"journal":{"name":"Journal of Global Information Technology Management","volume":"159 1","pages":"259 - 298"},"PeriodicalIF":3.0000,"publicationDate":"2021-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Global Information Technology Management","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1080/1097198X.2021.1993725","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 3

Abstract

ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.
IT外包中的信息安全风险管理——四分之一世纪的系统文献综述
信息技术外包(ITO)中的信息安全风险管理(ISRM)是ITO研究中最关键和研究不足的领域之一。本研究通过系统文献综述(SLR)对ITO中ISRM的知识体系进行了调查,并分析了1994年至2020年间发表的63篇论文。研究结果表明,开发概念模型或提供评论是最流行的方法。大多数研究收集的数据来自二手来源,而不是行业。大多数研究既没有调查任何特定的行业,也没有调查ITO的方向,即客户或服务提供商。文献中将信息安全风险(ISRs)分为27种类型。大多数isr属于运营实践,而缺乏员工忠诚度是研究最少的isr类型。探讨了文献中讨论的理论、框架和模型。对调查结果进行了批判性分析,以确定差距和未来的方向。由于大多数文献都是基于概念性工作,从业者很难将这些知识应用于行业,除非得到进一步研究的验证。需要从ITO方向,行业类型和人口统计学角度的专业文献来调查重点问题并开发ITO ISRM的准确知识。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Global Information Technology Management
Journal of Global Information Technology Management INFORMATION SCIENCE & LIBRARY SCIENCE-
CiteScore
4.10
自引率
10.00%
发文量
19
期刊介绍: The Journal of Global Information Technology Management (JGITM) is a refereed international journal that is supported by Global IT scholars from all over the world. JGITM publishes articles related to all aspects of the application of information technology for international business. The journal also considers a variety of methodological approaches and encourages manuscript submissions from authors all over the world, both from academia and industry. In addition, the journal will also include reviews of MIS books that have bearing on global aspects. Practitioner input will be specifically solicited from time-to-time in the form of invited columns or interviews. Besides quality work, at a minimum each submitted article should have the following three components: an MIS (Management Information Systems) topic, an international orientation (e.g., cross cultural studies or strong international implications), and evidence (e.g., survey data, case studies, secondary data, etc.). Articles in the Journal of Global Information Technology Management include, but are not limited to: -Cross-cultural IS studies -Frameworks/models for global information systems (GIS) -Development, evaluation and management of GIS -Information Resource Management -Electronic Commerce -Privacy & Security -Societal impacts of IT in developing countries -IT and Economic Development -IT Diffusion in developing countries -IT in Health Care -IT human resource issues -DSS/EIS/ES in international settings -Organizational and management structures for GIS -Transborder data flow issues -Supply Chain Management -Distributed global databases and networks -Cultural and societal impacts -Comparative studies of nations -Applications and case studies
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信