Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam
{"title":"Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review","authors":"Baber Majid Bhatti, Sameera Mubarak, S. Nagalingam","doi":"10.1080/1097198X.2021.1993725","DOIUrl":null,"url":null,"abstract":"ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.","PeriodicalId":45982,"journal":{"name":"Journal of Global Information Technology Management","volume":"159 1","pages":"259 - 298"},"PeriodicalIF":3.0000,"publicationDate":"2021-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Global Information Technology Management","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1080/1097198X.2021.1993725","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 3
Abstract
ABSTRACT Information Security Risk Management (ISRM) in Information Technology Outsourcing (ITO) is among the most critical and under-studied areas of ITO research. This study investigates the body of knowledge focusing on ISRM in ITO by conducting a systematic literature review (SLR) and analyzes 63 papers published between 1994 and 2020. The findings suggest that developing conceptual models or providing commentary is the most popular methodology. Most studies collect data from secondary sources instead of industry. A majority of the studies neither investigate any specific industry nor ITO orientation, i.e., client or service providers. Information security risks (ISRs) from the literature are categorized into 27 types. Most ISRs belong to operations practice, while lack of staff loyalty is the least investigated type of ISRs. Theories, frameworks and models discussed in the literature are explored. A critical analysis of the findings is conducted to identify the gaps and future directions. Since most of the literature is based on conceptual work, it is hard for practitioners to apply this knowledge in the industry unless validated by further research. Specialized literature from the perspectives of ITO orientation, industry type and demographics is required to investigate focused issues and develop accurate knowledge of ISRM in ITO.
期刊介绍:
The Journal of Global Information Technology Management (JGITM) is a refereed international journal that is supported by Global IT scholars from all over the world. JGITM publishes articles related to all aspects of the application of information technology for international business. The journal also considers a variety of methodological approaches and encourages manuscript submissions from authors all over the world, both from academia and industry. In addition, the journal will also include reviews of MIS books that have bearing on global aspects. Practitioner input will be specifically solicited from time-to-time in the form of invited columns or interviews. Besides quality work, at a minimum each submitted article should have the following three components: an MIS (Management Information Systems) topic, an international orientation (e.g., cross cultural studies or strong international implications), and evidence (e.g., survey data, case studies, secondary data, etc.). Articles in the Journal of Global Information Technology Management include, but are not limited to: -Cross-cultural IS studies -Frameworks/models for global information systems (GIS) -Development, evaluation and management of GIS -Information Resource Management -Electronic Commerce -Privacy & Security -Societal impacts of IT in developing countries -IT and Economic Development -IT Diffusion in developing countries -IT in Health Care -IT human resource issues -DSS/EIS/ES in international settings -Organizational and management structures for GIS -Transborder data flow issues -Supply Chain Management -Distributed global databases and networks -Cultural and societal impacts -Comparative studies of nations -Applications and case studies
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
