Start Date

14-12-2012 12:00 AM

Description

The challenges of managing security have increased substantially with the advent of outsourcing and cloud computing. Service providers need to ensure that security controls correctly address the complex sets of requirements demanded by their clients. Auditors find it difficult to check whether service providers are compliant with standard security guidelines as well as organization-specific security requirements. This paper reports research-in-progress of a design science project that addresses security management in cross-organizational settings. Based on a sequence of empirical studies involving interviews and an online survey, we analyze critical activities associated with security management in cross-organizational settings from the perspective of service providers and auditors and discuss the support provided by software. The paper also lays out our plans for developing design artifacts and the theoretical framework for their evaluation.

Share

COinS
 
Dec 14th, 12:00 AM

Security Management in Cross-Organizational Settings: A Design Science Approach

The challenges of managing security have increased substantially with the advent of outsourcing and cloud computing. Service providers need to ensure that security controls correctly address the complex sets of requirements demanded by their clients. Auditors find it difficult to check whether service providers are compliant with standard security guidelines as well as organization-specific security requirements. This paper reports research-in-progress of a design science project that addresses security management in cross-organizational settings. Based on a sequence of empirical studies involving interviews and an online survey, we analyze critical activities associated with security management in cross-organizational settings from the perspective of service providers and auditors and discuss the support provided by software. The paper also lays out our plans for developing design artifacts and the theoretical framework for their evaluation.