Browse by author
Lookup NU author(s): Moneef Almutairi, Dr Stephen RiddleORCiD
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
© 2018 Association for Computing Machinery. In recent years, IT outsourcing business practices has become widespread across different types of organizations in an endeavor to enhance their business operations and achieve competitive services. While IT outsourcing brings several benefits to organizations such as cost reductions, access to highly skilled human experts, and access to the latest technology, it has inherent risks such as security risks and the loss of control over IT assets. With the lack of a comprehensive approach for managing these security risks, outsourcing security risk management remains a practical challenge. The growing challenge of service integration across multiple outsourced IT service providers, as well as the variations in security requirements, which result from the differences in the scope of outsourced services, expand this challenge further. In our previous work, we developed a framework for managing security risks in the outsourcing context. This framework is designed to manage variation in security requirements, as well as to provide a methodology to guide organizations in security management and implementation. In this paper, we present the results of the case study that we conducted to evaluate the proposed framework. As a case study, we have used two outsourced IT projects. The proposed framework was applied to the two outsourced IT projects from the beginning of the projects’ execution until their end. The aim of this case study was to assess the ability of the proposed framework to effectively manage the security and compliance risks of IT projects in the outsourcing context. It also aimed to discover potential changes and improvements that could enhance the proposed framework’s performance when outsourcing IT projects.
Author(s): Almutairi M, Riddle S
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: ICIME 2018 Proceedings of the 2018 10th International Conference on Information Management and Engineering
Year of Conference: 2018
Pages: 21-26
Online publication date: 22/09/2018
Acceptance date: 02/04/2018
Publisher: Association for Computing Machinery
URL: https://dx.doi.org/10.1145/3285957.3285986
DOI: 10.1145/3285957.3285986
Library holdings: Search Newcastle University Library for this item
ISBN: 9781450364898