Skip to main content
SpringerLink
Log in

Addressing Cultural Dissimilarity in the Information Security Management Outsourcing Relationship

  • Conference paper
Book cover Trust, Privacy and Security in Digital Business (TrustBus 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4657))

Abstract

Organizational culture influences the way a) information security is perceived, b) security countermeasures are adopted, and c) the organization reacts to the cultural changes of a new security program. In Information Security Management Outsourcing (ISMO), cultural differences may arise between the organization and the provider, for example conflict between the countermeasures applied by the provider and the company’s internal policies. We propose a conceptual framework of security mechanisms in order organizations that choose ISMO to identify and manage cultural dissimilarity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alner, M.: The Effects of Outsourcing on Information Security. Information Systems Security 10(2), 35–42 (2001)

    Article  Google Scholar 

  2. Bakari, J.K., Magnusson, C., Tarimo, N.C., Yngström, L.: Outsourcing Managed ICT Security Services in the Developing World, Issues and Challenges. In: Proc. of the 6TH Annual ISSA Conference, South Africa (2006)

    Google Scholar 

  3. Gordon, L., Loeb, M., Lucyshyn, W., Richardson, R.: CSI/FBI: 2006 Computer Crime and Security Survey, Computer Security Institute (2006)

    Google Scholar 

  4. Dibbern, J., Goles, T., Hirschheim, R., Jayatilaka, B.: Information systems outsourcing: a survey and analysis of the literature. ACM SIG on Management Information Systems Database 35(4), 6–102 (2004)

    Google Scholar 

  5. Eloff, J., Eloff, M.: Information Security Management - A New Paradigm. In: Proc. of South African Institute of Computer Scientists and Information Technologists, pp. 130–136 (2003)

    Google Scholar 

  6. Endorf, C.: Outsourcing Security: The needs, the risks, the providers, and the process. Information Systems Security 12(6), 17–23 (2004)

    Article  Google Scholar 

  7. Fenn, C., Shooter, R., Allan, K.: IT Security Outsourcing. Computer Law & Security Report 18(2), 109–111 (2002)

    Article  Google Scholar 

  8. Gartner.: European MSSP value trusted relationships not just Technology. Van Mien, A.D., Parveen, K., Research Note No. M-19-2948 (2003)

    Google Scholar 

  9. Gonzalez, R., Gasco, J., Llopis, J.: Information systems outsourcing success factors: A review and some results. Information Management & Computer Security 13(5), 399–418 (2005)

    Article  Google Scholar 

  10. Grover, V., Cheon, M.J., Teng, J.: The effect of service quality and partnership on the outsourcing of information systems functions. Journal of Management Information Systems 12(4), 89–116 (1996)

    Google Scholar 

  11. ISO/IEC 17799:2005.: Information technology - Security techniques - Code of practice for information security management, International Standards Association (2005)

    Google Scholar 

  12. Kahraman, E.: Evaluating IT security performance with quantifiable metrics. MSc Thesis, Stockholm University and Royal Institute of Technology, Sweden (2005)

    Google Scholar 

  13. Karyda, M., Kiountouzis, E., Kokolakis, S.: Information systems security policies: A contextual perspective. Computers & Security 24(3), 246–260 (2005)

    Article  Google Scholar 

  14. Karyda, M., Mitrou, E., Quirchmayr, G.: A framework for outsourcing IS/IT security services. Information Management & Computer Security 14(5), 402–415 (2006)

    Article  Google Scholar 

  15. Kern, T., Willcocks, L.: Exploring Information Technology outsourcing relationships: Theory and practice. Journal of Strategic Information Systems 9(4), 321–350 (2000)

    Article  Google Scholar 

  16. Lacity, M., Hirschheim, R.: The Information Systems outsourcing bandwagon. Sloan Management Review 35(1), 73–86 (1993)

    Google Scholar 

  17. Lee, J.-N., Huynh, M., Chi-wai, K., Pi, S.: The Evolution of outsourcing research: What is the next issue? In: Proc. of the 33rd Annual Hawaii International Conference on System Sciences (2000)

    Google Scholar 

  18. Lee, J.-N., Huynh, M.Q., Kwok, R.C., Pi, S.-M.: IT outsourcing evolution - past, present and future. Com. of the ACM 46(5), 84–89 (2003)

    Article  Google Scholar 

  19. Lee, J.-N., Kim, Y.-G.: Effect of partnership quality on IS outsourcing success: Conceptual framework and empirical validation. Journal of Management Information Systems 15(4), 29–61 (1999)

    Google Scholar 

  20. Martins, A., Eloff, J.: Information Security Culture. In: Proc. of IFIP TC11 17th International Conference on Information Security (SEC2002), Egypt, pp. 535–546 (2002)

    Google Scholar 

  21. Peltier, T.: Implementing an Information Security Awareness Program. Information Systems Security 14(2), 37–49 (2005)

    Article  Google Scholar 

  22. Renn, O.: The role of risk perception for risk management. Reliability Engineering and System Safety 59(1), 49–62 (1998)

    Article  Google Scholar 

  23. Schein, E.: On dialogue, culture, and organizational learning. Organizational Dynamics 22(2), 40–51 (1993)

    Article  Google Scholar 

  24. Schein, E.: Organizational culture and leadership, 2nd edn. Jossey-Bass Publishers, San Francisco (1999)

    Google Scholar 

  25. Schneier, B.: The case for outsourcing security and privacy: Building confidence in a networked world. Supplement to IEEE Computer Magazine 35(4), 20–26 (2002)

    Google Scholar 

  26. Slay, J.: IS security, trust and culture: a theoretical framework for managing IS security in multicultural settings. Campus-Wide Information Systems 20(3), 98–104 (2003)

    Article  Google Scholar 

  27. Sun, S.-Y., Lin, T.-C., Sun, P.-C.: The factors influencing information systems outsourcing partnership - A study integrating case study and survey research methods. In: Proc. of the 35th Annual Hawaii International Conference on System Sciences, vol. 8, p. 235b (2002)

    Google Scholar 

  28. Thomson, K., von Solms, R.: Information security obedience: A definition. Computers & Security 24(1), 69–75 (2005)

    Article  Google Scholar 

  29. US National Research Council Committee on Risk Perception and Communication: Improving risk communication. National Academy Press, Washington, DC (1989)

    Google Scholar 

  30. Vroom, C., von Solms, R.: Towards information security behavioral compliance. Computers & Security 23(3), 191–198 (2004)

    Article  Google Scholar 

  31. Wilbanks, J.: Outsourcing Internet security: The life you save may be your company’s. Information Systems Security 10(2), 28–24 (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos GR-83200, Greece

    Aggeliki Tsohou & Spyros Kokolakis

  2. Information Security and Critical Infrastructure Protection Research Group, Dept. of Informatics, Athens University of Economics and Business, 76 Patission Ave., Athens, GR-10434, Greece

    Marianthi Theoharidou & Dimitris Gritzalis

Authors
  1. Aggeliki Tsohou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marianthi Theoharidou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Spyros Kokolakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dimitris Gritzalis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Costas Lambrinoudakis Günther Pernul A Min Tjoa

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tsohou, A., Theoharidou, M., Kokolakis, S., Gritzalis, D. (2007). Addressing Cultural Dissimilarity in the Information Security Management Outsourcing Relationship. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74409-2_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation