A framework for outsourcing IS/IT security services

Information Management and Computer Security

Volumn 14, Issue 5, 2006, Pages 402-415

  Karyda, Maria ^a   Mitrou, Evangelia ^a   Quirchmayr, Gerald ^b  

^a UNIVERSITY OF THE AEGEAN   (Greece)

^b UNIVERSITY OF VIENNA   (Austria)

Author keywords

Communication technologies; Data security; European directives; Information systems; Outsourcing

Indexed keywords

COMMUNICATION TECHNOLOGIES; INFORMATION SYSTEMS; SECURITY OUTSOURCING;

DATA COMMUNICATION SYSTEMS; DATA PRIVACY; INFORMATION MANAGEMENT; MANAGEMENT INFORMATION SYSTEMS; OUTSOURCING;

SECURITY OF DATA;

EID: 33749496395     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220610707421     Document Type: Review

References (28)

1. Allen, J., Gabbard, D. and May, C. (2003), Outsourcing Managed Security Services Authors, Software Engineering Institute, Carnegie Mellon.
2. Basel II Risk Management Committee of European Banking Supervisors (2005), CEBS CP 10, Guidelines on the Implementation, Validation and Assessment of Advanced Measurement (AMA) and Internal Ratings Based (IRB) Approaches, July.
3. Dammann, U. and Simitis, S. (1997), EG-Datenschutzrichtlinie-Kommentar.
4. Deloitte (2005), Calling a Change in the Outsourcing Market, Deloitte Development LLC, April, available at: www.deloitte.com/.
5. Dhillon, G. (1997), Managing Information System Security, Macmillan Press, Basingstoke.
6. Dhillon, G. and Backhouse, J. (2000), "Information system security management in the new millennium", Communications of the ACM, Vol. 43 No. 7, pp. 125-8.
7. DTI (2004), Information Security Breaches Survey 2004, Technical Report, Department of Trade and Industry, London.
8. EUDP (1995), "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data", Official Journal L 281, November 23 1995, pp. 31-50.
9. EUEC (2000), "Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services", in particular electronic commerce, in the internal market (Directive on electronic commerce).
10. European Commission (1998), Handbook on Cost-effective Compliance with Directive 95/46/EC, European Commission, Brussels.
11. Goo, J., Kishore, R. and Rao, H. (2000), "A content-analytic longitudinal study of the drivers for information technology and systems sourcing", Proceedings of the 21st International Conference on Information Systems, Brisbane, Queensland, Australia, December 10-13, pp. 601-11.
12. Goodwin, B. (2004), "Companies are at risk from staff ignorance", Computer Weekly, 00104787, January 27.
13. Holvast, J., Madsen, W. and Roth, P. (Eds) (2000), The Global Encyclopaedia of Data Protection Regulation, Kluwer Law International, Looseleaf.
14. Kern, T., Lacity, M. and Willcocks, L. (2002), Netsourcing: Renting Business Applications and Services over a Network, Prentice-Hall, New York, NY.
15. Khalfan, A. (2004), "Information security considerations in IS/IT outsourcing projects: A descriptive case study of two sectors", International Journal of Information Management, Vol. 24, pp. 29-42.
16. Kim, S. and Chung, Y. (2003), "Critical success factors for IS outsourcing implementation from an interorganizational relationship perspective", Journal of Computing Information Systems, Vol. 43 No. 4, pp. 81-90.
17. Lacity, M.C. and Willcocks, L. (1998), "An empirical investigation of information technology sourcing practices: Lessons from experience", Management Information Systems Quarterly, Vol. 22 No. 3, pp. 363-408.
18. Nosworthy, J. (2000), "Implementing Information Security in the 21st century - do you have the balancing factors?", Computers and Security, Vol. 19, pp. 337-47.
19. Palmer, M. (2001), "Information security policy framework: Best practices for security policy in the e-commerce age", Information Systems Security, May/June, pp. 13-27.
20. Rohde, F. (2004), "IS/IT outsourcing practices of small- and medium-sized manufacturers", International Journal of Accounting Information Systems, Vol. 5, pp. 429-51.
21. Sarbanes Oxley Act (2002), H. R.3763.
22. Simitis, S. (Ed.) (2003), Kommentar zum Bundesdatenschutzgesetz, Baden-Baden.
23. Siponen, M. (2000), "A conceptual foundation for organizational information security awareness", Information Management & Computer Security, Vol. 8 No. 1, pp. 31-41.
24. Von Solms, B. (2001), "Corporate governance and information security", Computers and Security, Vol. 20, pp. 215-8.
25. Whitworth, M. (2005), "Outsourced security - the benefits and risks", Network Security, October, pp. 16-19.
26. Yang, C. and Huang, J. (2000), "A decision model for IS outsourcing", International Journal of Information Management, Vol. 20 No. 3, pp. 225-39.
27. European Commission (2003), First Report on the Implementation of the Data Protection Directive, European Commission, Brussels.
28. Rüling, C. (2005), "Popular concepts and the business management press", Scandinavian Journal of Managament, Vol. 21, pp. 177-95.