Abstract
The trend of information technology outsourcing (ITO) to service providers (SPs) is growing. SPs bring improvements through transformation projects and migrate outsourced scopes to their service delivery platforms (SDPs). For realizing economies of scales for themselves, and improving the information security and bringing efficiencies for their clients, the SPs implement machine-learning-based automation (MLA) for ITO service delivery on SDPs. However, MLA is not a silver bullet and exposes the outsourced scopes to new types of information security risks (ISRs). This paper aims at exploring those ISRs and understanding their implications. It applies agency theory to examine differing viewpoints of multiple organizations engaged in an ITO relationship. The study investigates an ITO setup of three organizations in the telecom industry. To gain insights into ISR implications, a qualitative approach was followed using a case study method and data was collected through interviews. Adversarial attack scenarios, ISRs and ISR implications on ITO service delivery are presented. To the best of our knowledge, it is the first study investigating the ISRs of MLA in ITO service delivery.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ISO 37500:2014 Guidance on outsourcing. Standard, International Organization for Standardization, November 2014. https://www.iso.org/standard/56269.html
Ahmed Nacer, A., Godart, C., Rosinosky, G., Tari, A., Youcef, S.: Business process outsourcing to the cloud: balancing costs with security risks. Comput. Ind. 104, 59–74 (2019). https://doi.org/10.1016/j.compind.2018.10.003
Al-Hawari, F., Barham, H.: A machine learning based help desk system for it service management. J. King Saud Univ. Comput. Inf. Sci. 17 (2019). https://doi.org/10.1016/j.jksuci.2019.04.001
Babin, R., Quayle, A.: ISO 37500 - comparing outsourcing life-cycle models. Strateg. Outsourcing Int. J. 9(3), 271–286 (2016)
Bahli, B., Rivard, S.: The information technology outsourcing risk: a transaction cost and agency theory-based perspective. In: Willcocks, L.P., Lacity, M.C., Sauer, C. (eds.) Outsourcing and Offshoring Business Services, pp. 53–77. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52651-5_3
Bhatti, B.M., Mubarak, S., Nagalingam, S.: A framework for information security risk management in it outsourcing. In: Australasian Conference on Information Systems, December 2017
Chelliah, P.R., Kumar, S.A.: A cloud-based service delivery platform for effective homeland security. In: IEEE 4th International Conference on Cyber Security and Cloud Computing, pp. 157–162 (2017)
Creswell, J.W., Creswell, J.D.: Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, 5th edn. SAGE Publications Inc., Thousand Oaks (2018)
Dhillon, G., Syed, R., de Sá-Soares, F.: Information security concerns in it outsourcing: identifying (in) congruence between clients and vendors. Inf. Manag. 54(4), 452–464 (2017). https://doi.org/10.1016/j.im.2016.10.002
Garcia, R., Sreekanti, V., Yadwadkar, N., Crankshaw, D., Gonzalez, J.E., Hellerstein, J.M.: Context: the missing piece in the machine learning lifecycle. In: KDD CMI Workshop, vol. 114 (2017)
Gartner: IT Outsourcing. Report, Gartner Inc. (2017). http://www.gartner.com/it-glossary/it-outsourcing
González, R., Gascó, J., Llopis, J.: Information systems outsourcing reasons and risks: review and evolution. J. Glob. Inf. Technol. Manag. 19(4), 223–249 (2016). https://doi.org/10.1080/1097198x.2016.1246932
Harreveld, B., Danaher, M., Lawson, C., Knight, B.A., Busch, G. (eds.): Constructing Methodology for Qualitative Research. Springer, Heidelberg (2016)
Hong, J.B., Nhlabatsi, A., Kim, D.S., Hussein, A., Fetais, N., Khan, K.M.: Systematic identification of threats in the cloud: a survey. Comput. Netw. 150, 46–69 (2019). https://doi.org/10.1016/j.comnet.2018.12.009
Jackson, K., Bazeley, P.: Qualitative Data Analysis with NVivo. SAGE Publications Limited (2019)
Könning, M., Westner, M., Strahringer, S.: A systematic review of recent developments in it outsourcing research. Inf. Syst. Manag. 36(1), 78–96 (2019). https://doi.org/10.1080/10580530.2018.1553650
Marcilla, J.S., de la Cámara, M., Arcilla-Cobián, M.: Do outsourcing service providers need a methodology for service delivery? Int. J. Softw. Eng. Knowl. Eng. 25(07), 1153–1169 (2015)
Miller, D.J., Xiang, Z., Kesidis, G.: Adversarial learning targeting deep neural network classification: a comprehensive review of defenses against attacks. Proc. IEEE 108(3), 402–433 (2020)
Sailer, A., Mahindru, R., Song, Y., Wei, X.: Using machine learning and probabilistic frameworks to enhance incident and problem management: automated ticket classification and structuring, pp. 2975–3012. IGI Global (2017)
National Academies of Sciences, Engineering, and Medicine: Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop. The National Academies Press, Washington, DC (2019). https://doi.org/10.17226/25488
Tambo, T., Filtenborg, J.: IT Service Management Architectures, pp. 409–421. IGI global (2019)
Truong, T.C., Diep, Q.B., Zelinka, I.: Artificial intelligence in the cyber domain: offense and defense. Symmetry 12(3), 410 (2020)
Willcocks, L., Lacity, M., Craig, A.: Robotic process automation: strategic transformation lever for global business services? J. Inf. Technol. Teach. Cases 7(1), 17–28 (2017). https://doi.org/10.1057/s41266-016-0016-9
Wulf, F., Strahringer, S., Westner, M.: Information security risks, benefits, and mitigation measures in cloud sourcing. In: 21st Conference on Business Informatics, vol. 01, pp. 258–267. IEEE (2019). https://doi.org/10.1109/CBI.2019.00036
Yin, R.K.: Case Study Research: Design and Methods, 5th edn. SAGE, Thousand Oaks (2014)
Youssef, A.E.: A framework for cloud security risk management based on the business objectives of organizations. Int. J. Adv. Comput. Sci. Appl. 10(12), 186–194 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bhatti, B.M., Mubarak, S., Nagalingam, S. (2020). Information Security Implications of Machine-Learning-Based Automation in ITO Service Delivery – An Agency Theory Perspective. In: Yang, H., Pasupa, K., Leung, A.CS., Kwok, J.T., Chan, J.H., King, I. (eds) Neural Information Processing. ICONIP 2020. Lecture Notes in Computer Science(), vol 12533. Springer, Cham. https://doi.org/10.1007/978-3-030-63833-7_41
Download citation
DOI: https://doi.org/10.1007/978-3-030-63833-7_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63832-0
Online ISBN: 978-3-030-63833-7
eBook Packages: Computer ScienceComputer Science (R0)