是否外包?基于AHP的信息安全管理决策模型

IF 1.5 Q3 MANAGEMENT

Organizacija Pub Date : 2022-05-01 DOI:10.2478/orga-2022-0010

Luka Jelovčan, Anže Mihelič, Kaja Prislan

{"title":"是否外包?基于AHP的信息安全管理决策模型","authors":"Luka Jelovčan, Anže Mihelič, Kaja Prislan","doi":"10.2478/orga-2022-0010","DOIUrl":null,"url":null,"abstract":"Abstract Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.","PeriodicalId":44901,"journal":{"name":"Organizacija","volume":"55 1","pages":"142 - 159"},"PeriodicalIF":1.5000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Outsource or not? An AHP Based Decision Model for Information Security Management\",\"authors\":\"Luka Jelovčan, Anže Mihelič, Kaja Prislan\",\"doi\":\"10.2478/orga-2022-0010\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.\",\"PeriodicalId\":44901,\"journal\":{\"name\":\"Organizacija\",\"volume\":\"55 1\",\"pages\":\"142 - 159\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2022-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Organizacija\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2478/orga-2022-0010\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"MANAGEMENT\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Organizacija","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/orga-2022-0010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MANAGEMENT","Score":null,"Total":0}

引用次数: 1

摘要

摘要目的：外包信息安全已被证明是信息安全管理的有效解决方案；然而，它可能不是最适合每个组织的方法。这项研究旨在开发一个多标准决策模型，使组织能够确定哪种信息安全管理方法（外包或内部管理）更适合其需求和能力。方法：本研究采用了几种不同的研究方法。首先，通过审查相关工作来确定决策标准，然后由信息安全专家在焦点小组中进行选择。其次，在信息安全从业人员中进行了一项调查，以分配标准权重。第三，对四个真实世界的组织进行了四个用例，以评估所开发模型的可用性、易用性和有用性。结果：我们建立了一个基于层次分析法的十准则模型。调查结果表明，绩效相关标准比注重效率的标准更重要。来自用例的证据证明，决策模型对各种组织都是有用和合适的。结论：为了就信息安全管理做出明智的决定，各组织必须首先对其能力和需求进行彻底分析，并调查潜在的外部承包商。在这种情况下，拟议的模式可以作为决策过程中的一个有用的支持工具，以获得针对实际情况的明确建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Outsource or not? An AHP Based Decision Model for Information Security Management

Abstract Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Organizacija MANAGEMENT-

CiteScore

3.50

自引率

15.80%

发文量

审稿时长

16 weeks

期刊介绍： Organizacija (Journal of Management, Information Systems and Human Resources) is an interdisciplinary peer reviewed journal that seeks both theoretical and practical papers devoted to managerial aspects of the subject matter indicated in the title. In particular the journal focuses on papers which cover state-of art developments in the subject area of the journal, its implementation and use in the organizational practice. Organizacija is covered by numerous Abstracting & Indexing services, including SCOPUS.