Evaluation of Vulnerability Risk Factor: Critical ICT Outsourcing project characteristics

Business Strategist and Technologist Implementers realized that ICT Outsourcing was one of the most successful strategies for ICT operational cost cutting and solved the shortage of ICT expertise or resources to implement an ICT project and services. Unfortunately, the strategy cause's other significant risks that could interrupt the ICT outsourcing venture's success. Information Security Risk (ISR) was considered among the critical significant risk in ICT Outsourcing project. Therefore the objective of this study is to explore the information security Vulnerabilities Risks Factor (VRF) critical level for ICT Outsourcing project characteristics through exploratory analysis approach. About 300 government agencies and private companies from various industries in Malaysia involved in the survey. However, 36% response was analyzed as a sample for the study population. Thus, Vulnerability Risks Factor (VRF) critical level was analyzed and discussed for each common ICT Outsourcing project characteristics implemented in Malaysia. The results of the analysis discovered the evidence of those ICT outsourcing project characteristics, risks exploited through Vulnerabilities Risks Factor (VRF). Several highly critical ICT outsourcing project characteristics were project team size between 10 to 99 members (33.6%), medium size project (28.2%) and outsource the ICT project to more than one service provider. The findings could be used as an indicator for organizations to prepare more effective information security management plan for ICT Outsourcing project. Eventually, the organization could give more priority to the specific ICT Outsourcing project characteristic where the Vulnerability Risks Factor (VRF) level is critical.