IT外包中的信息安全风险管理——四分之一世纪的系统文献综述

IF 3 4区管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE

Journal of Global Information Technology Management Pub Date : 2021-10-02 DOI:10.1080/1097198X.2021.1993725

Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam

{"title":"IT外包中的信息安全风险管理——四分之一世纪的系统文献综述","authors":"Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam","doi":"10.1080/1097198X.2021.1993725","DOIUrl":null,"url":null,"abstract":"ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.","PeriodicalId":45982,"journal":{"name":"Journal of Global Information Technology Management","volume":"159 1","pages":"259 - 298"},"PeriodicalIF":3.0000,"publicationDate":"2021-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review\",\"authors\":\"Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam\",\"doi\":\"10.1080/1097198X.2021.1993725\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.\",\"PeriodicalId\":45982,\"journal\":{\"name\":\"Journal of Global Information Technology Management\",\"volume\":\"159 1\",\"pages\":\"259 - 298\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2021-10-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Global Information Technology Management\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.1080/1097198X.2021.1993725\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Global Information Technology Management","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1080/1097198X.2021.1993725","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}

引用次数: 3

摘要

信息技术外包(ITO)中的信息安全风险管理(ISRM)是ITO研究中最关键和研究不足的领域之一。本研究通过系统文献综述(SLR)对ITO中ISRM的知识体系进行了调查，并分析了1994年至2020年间发表的63篇论文。研究结果表明，开发概念模型或提供评论是最流行的方法。大多数研究收集的数据来自二手来源，而不是行业。大多数研究既没有调查任何特定的行业，也没有调查ITO的方向，即客户或服务提供商。文献中将信息安全风险(ISRs)分为27种类型。大多数isr属于运营实践，而缺乏员工忠诚度是研究最少的isr类型。探讨了文献中讨论的理论、框架和模型。对调查结果进行了批判性分析，以确定差距和未来的方向。由于大多数文献都是基于概念性工作，从业者很难将这些知识应用于行业，除非得到进一步研究的验证。需要从ITO方向，行业类型和人口统计学角度的专业文献来调查重点问题并开发ITO ISRM的准确知识。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review

ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Global Information Technology Management INFORMATION SCIENCE & LIBRARY SCIENCE-

CiteScore

4.10

自引率

10.00%

发文量

期刊介绍： The Journal of Global Information Technology Management (JGITM) is a refereed international journal that is supported by Global IT scholars from all over the world. JGITM publishes articles related to all aspects of the application of information technology for international business. The journal also considers a variety of methodological approaches and encourages manuscript submissions from authors all over the world, both from academia and industry. In addition, the journal will also include reviews of MIS books that have bearing on global aspects. Practitioner input will be specifically solicited from time-to-time in the form of invited columns or interviews. Besides quality work, at a minimum each submitted article should have the following three components: an MIS (Management Information Systems) topic, an international orientation (e.g., cross cultural studies or strong international implications), and evidence (e.g., survey data, case studies, secondary data, etc.). Articles in the Journal of Global Information Technology Management include, but are not limited to: -Cross-cultural IS studies -Frameworks/models for global information systems (GIS) -Development, evaluation and management of GIS -Information Resource Management -Electronic Commerce -Privacy & Security -Societal impacts of IT in developing countries -IT and Economic Development -IT Diffusion in developing countries -IT in Health Care -IT human resource issues -DSS/EIS/ES in international settings -Organizational and management structures for GIS -Transborder data flow issues -Supply Chain Management -Distributed global databases and networks -Cultural and societal impacts -Comparative studies of nations -Applications and case studies