Information security risks in enabling e-Government: The impact of IT vendors

Information Systems Management

Volumn 28, Issue 4, 2011, Pages 284-293

  Berghmans, Peter ^a   van Roy, Karel ^a  

^a Lessius Mechelen University College   (Belgium)

Author keywords

E government; Information systems security; Outsourcing; Systems thinking; Value focused thinking

Indexed keywords

EID: 84855759711     PISSN: 10580530     EISSN: None     Source Type: Journal    
DOI: 10.1080/10580530.2010.514212     Document Type: Article

References (42)

1. Aubert, B. A., Party, M., & Rivard, S. (2005). A framework for information technology outsourcing risk management. The DATABASE for Advances in Information Systems, 36(4), 8-29.
2. Baskerville, R. (1993). Information systems security design methods: Implications for information systems development. ACM Computing Surveys, 25(44), 375-414.
3. Baskerville, R. (2005). Best practices in IT risk management. Cutter Benchmark Review, 5(12), 5-12.
4. Berghmans, P., Lenaerts, M., & Van Roy, K. (2007). Menselijke factoren in de informatieveiligheid van lokale besturen. Praktijkgids management locale besturen, Belgium: Kluwer.
5. Berghmans, P., Van Den Eede, G, & Van de Walle, B. (2008). A Systems Perspective on Security Risk Identification: Methodology and Illustrations from City Councils. Proceedings of the 5 International ISCRAM Conference, Washington, DC, USA, ISCRAM.
6. Blackley, J. A., & Leach, J. (1996). Security considerations in outsourcing IT services. Information Security Technical Report, 1(3), 3-4.
7. Bozeman, B., & Bretschneider, S. (1986). Public management information systems: Theory and prescription (Special issue). Public Administration Review, 46, 475-487.
8. Brown, M. M., & Brudney, J. L. (2001). Achieving advanced electronic government services: An examination of obstacles and implications from an international perspective, The National Public Management Research Conference, Bloomington, IN.
9. Buck-Lew, M. (1992). To outsource or not? International Journal of Information Management, 12, 3-20.
10. Carr, N. G. (2003). IT Doesn't Matter. Harvard Business Review, 81(5), 5-12.
11. Cordella, A., & Willcocks, L. (2009). Outsourcing, bureaucracy and public value: Reappraising the notion of the "contract state". Government Information Quarterly, 27, 82-88.
12. Currie, W. (1996). Outsourcing in the private and public sectors: An unpredictable IT strategy. European Journal of Information Systems, 4, 226-236.
13. De Haes, S., & Van Grembergen, W. (2005). IT Governance Structures, Processes and Relational Mechanisms: Achieving IT/Business Alignment in aMajor Belgian Financial Group. Proceedings of the 38th Annual Hawaii International Conference, Waikoloa, Big Island Hawaii, Jan 3-6, 2005.
14. Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal, 11(2), 127.
15. Dhillon, G., & Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal, 16(3), 293-314.
16. Dibbern, J., Goles, T., Hirschheim, R., & Jayatilaka, B. (2004) Information systems outsourcing: A survey and analysis of the literature. ACM SIGMIS Database, 35, 6-102.
17. Emory, C. W., & Cooper, D. R. (1991). Business research methods. Boston, MA: Irwin.
18. Earl, M. J. (1996). The risk of outsourcing IT. Sloan Management Review, 37(3), 26-32.
19. Fink, D. (1994). A security framework for information systems outsourcing. Information Management & Computer Security, 2, 3-8.
20. Gaonjur, P., & Bokhoree, C. (2006). Risk of insider threats in information technology outsourcing: Can deceptive techniques be applied? Proceedings of Security and Management, 522.
21. ISO, B. (2005). "IEC 27002:2005." Information technology. Security techniques. Code of practice for information security management. Retrieved from http://www.iso.org/iso/catalogue_detail?csnumber=42103.
22. Karyda, M., Mitrou, E., & Quirchmayr, G. (2006). A framework for outsourcing IS/IT security services. Information Management & Computer Security, 14, 402-415.
23. Keeney, R. (1992). Value-focused thinking: A path to creative decision making. Cambridge, MA: Harvard University Press.
24. Khalfan, A. M. (2004). Information security considerations in IS/IT outsourcing projects: A descriptive case study of two sectors. International Journal of Information Management, 24, 29-42.
25. Lacity, M., & Hirschheim, R (1993). Information Systems Outsourcing. New York, NY: John Wiley & Sons.
26. Lacity, M. C., Khan, S. A., & Willcocks, L. P. (2009). A review of the IT outsourcing literature: Insights for practice. The Journal of Strategic Information Systems, 18, 130-146.
27. Moon, J., Jung, G., Chung, M., & Choe, Y. (2007). IT outsourcing for Egovernment: Lessons from IT outsourcing projects initiated by agricultural organizations of the Korean government. Proceedings of the 40th Hawaii International Conference on System Sciences (HICSS 2007), Waikoloa, Big Island Hawaii, Jan 3-6, 2007.
28. Oscarson, P. (2007). Actual and Perceived Information Systems Security. [Doctoral dissertation] Linköping University, Department of Management and Engineering.
29. OWASP (2009). OWASP Top 10 Project. OWASP. Retrieved from https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
30. Prahalad, C., & Hamel, G. (1990). The core competence of the corporation. Harvard Business Review, 68(3), 79-91.
31. Reason, J. (1990). Human error. Cambridge, UK: Cambridge University Press.
32. Renn, O. (1998). Three decades of risk research: Accomplishments and new challenges. Journal of Risk Research, 1(1), 49-71.
33. Searle, J. R. (1995). The construction of social reality, New York, NY: Penguin Books.
34. Sherwood, J. (1997). Managing security for outsourcing contracts. Computers and Security, 16, 603-609.
35. Simon, H. A. (1960). The new science of management decision, New York, NY: Wiley.
36. Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31-41.
37. Teece, D. J. (1986). Firm boundaries, technological innovation and strategic management. In L. Thomas (Ed.), The economics of Strategic Planning (pp. 187-199), Lexington, MA: Lexington Books.
38. Vilvovsky, S. (2008). Differences between public and private IT outsourcing: Common themes in the literature, Proceedings of the 2008 international conference on Digital government research, Montreal, Canada, Digital Government Society of North America.
39. United Nations (2008). e-Government Survey 2008, From e-Government to connected Governance. Retrieved December 28t 2009 from unpan1.un.org/intradoc/groups/public/documents/UN/UNPAN028607.pdf.
40. Willcocks, L. P., Lacity, M. C., & Kern, T. (1999). Risk mitigation in IT outsourcing strategy revisited: Longitudinal case research at LISA. Journal of Strategic Information Systems, 8, 285-314.
41. Williamson, O. E. (1985). The Economic Institutions of Capitalism, New York, NY: The Free Press.
42. Yildiz, M. (2007). E-government research: Reviewing the literature, limitations, and ways forward. Government Information Quarterly, 24, 646-665.