Abstract
Organizational culture influences the way a) information security is perceived, b) security countermeasures are adopted, and c) the organization reacts to the cultural changes of a new security program. In Information Security Management Outsourcing (ISMO), cultural differences may arise between the organization and the provider, for example conflict between the countermeasures applied by the provider and the company’s internal policies. We propose a conceptual framework of security mechanisms in order organizations that choose ISMO to identify and manage cultural dissimilarity.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alner, M.: The Effects of Outsourcing on Information Security. Information Systems Security 10(2), 35–42 (2001)
Bakari, J.K., Magnusson, C., Tarimo, N.C., Yngström, L.: Outsourcing Managed ICT Security Services in the Developing World, Issues and Challenges. In: Proc. of the 6TH Annual ISSA Conference, South Africa (2006)
Gordon, L., Loeb, M., Lucyshyn, W., Richardson, R.: CSI/FBI: 2006 Computer Crime and Security Survey, Computer Security Institute (2006)
Dibbern, J., Goles, T., Hirschheim, R., Jayatilaka, B.: Information systems outsourcing: a survey and analysis of the literature. ACM SIG on Management Information Systems Database 35(4), 6–102 (2004)
Eloff, J., Eloff, M.: Information Security Management - A New Paradigm. In: Proc. of South African Institute of Computer Scientists and Information Technologists, pp. 130–136 (2003)
Endorf, C.: Outsourcing Security: The needs, the risks, the providers, and the process. Information Systems Security 12(6), 17–23 (2004)
Fenn, C., Shooter, R., Allan, K.: IT Security Outsourcing. Computer Law & Security Report 18(2), 109–111 (2002)
Gartner.: European MSSP value trusted relationships not just Technology. Van Mien, A.D., Parveen, K., Research Note No. M-19-2948 (2003)
Gonzalez, R., Gasco, J., Llopis, J.: Information systems outsourcing success factors: A review and some results. Information Management & Computer Security 13(5), 399–418 (2005)
Grover, V., Cheon, M.J., Teng, J.: The effect of service quality and partnership on the outsourcing of information systems functions. Journal of Management Information Systems 12(4), 89–116 (1996)
ISO/IEC 17799:2005.: Information technology - Security techniques - Code of practice for information security management, International Standards Association (2005)
Kahraman, E.: Evaluating IT security performance with quantifiable metrics. MSc Thesis, Stockholm University and Royal Institute of Technology, Sweden (2005)
Karyda, M., Kiountouzis, E., Kokolakis, S.: Information systems security policies: A contextual perspective. Computers & Security 24(3), 246–260 (2005)
Karyda, M., Mitrou, E., Quirchmayr, G.: A framework for outsourcing IS/IT security services. Information Management & Computer Security 14(5), 402–415 (2006)
Kern, T., Willcocks, L.: Exploring Information Technology outsourcing relationships: Theory and practice. Journal of Strategic Information Systems 9(4), 321–350 (2000)
Lacity, M., Hirschheim, R.: The Information Systems outsourcing bandwagon. Sloan Management Review 35(1), 73–86 (1993)
Lee, J.-N., Huynh, M., Chi-wai, K., Pi, S.: The Evolution of outsourcing research: What is the next issue? In: Proc. of the 33rd Annual Hawaii International Conference on System Sciences (2000)
Lee, J.-N., Huynh, M.Q., Kwok, R.C., Pi, S.-M.: IT outsourcing evolution - past, present and future. Com. of the ACM 46(5), 84–89 (2003)
Lee, J.-N., Kim, Y.-G.: Effect of partnership quality on IS outsourcing success: Conceptual framework and empirical validation. Journal of Management Information Systems 15(4), 29–61 (1999)
Martins, A., Eloff, J.: Information Security Culture. In: Proc. of IFIP TC11 17th International Conference on Information Security (SEC2002), Egypt, pp. 535–546 (2002)
Peltier, T.: Implementing an Information Security Awareness Program. Information Systems Security 14(2), 37–49 (2005)
Renn, O.: The role of risk perception for risk management. Reliability Engineering and System Safety 59(1), 49–62 (1998)
Schein, E.: On dialogue, culture, and organizational learning. Organizational Dynamics 22(2), 40–51 (1993)
Schein, E.: Organizational culture and leadership, 2nd edn. Jossey-Bass Publishers, San Francisco (1999)
Schneier, B.: The case for outsourcing security and privacy: Building confidence in a networked world. Supplement to IEEE Computer Magazine 35(4), 20–26 (2002)
Slay, J.: IS security, trust and culture: a theoretical framework for managing IS security in multicultural settings. Campus-Wide Information Systems 20(3), 98–104 (2003)
Sun, S.-Y., Lin, T.-C., Sun, P.-C.: The factors influencing information systems outsourcing partnership - A study integrating case study and survey research methods. In: Proc. of the 35th Annual Hawaii International Conference on System Sciences, vol. 8, p. 235b (2002)
Thomson, K., von Solms, R.: Information security obedience: A definition. Computers & Security 24(1), 69–75 (2005)
US National Research Council Committee on Risk Perception and Communication: Improving risk communication. National Academy Press, Washington, DC (1989)
Vroom, C., von Solms, R.: Towards information security behavioral compliance. Computers & Security 23(3), 191–198 (2004)
Wilbanks, J.: Outsourcing Internet security: The life you save may be your company’s. Information Systems Security 10(2), 28–24 (2001)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tsohou, A., Theoharidou, M., Kokolakis, S., Gritzalis, D. (2007). Addressing Cultural Dissimilarity in the Information Security Management Outsourcing Relationship. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-74409-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer ScienceComputer Science (R0)