Start Date
14-12-2012 12:00 AM
Description
The challenges of managing security have increased substantially with the advent of outsourcing and cloud computing. Service providers need to ensure that security controls correctly address the complex sets of requirements demanded by their clients. Auditors find it difficult to check whether service providers are compliant with standard security guidelines as well as organization-specific security requirements. This paper reports research-in-progress of a design science project that addresses security management in cross-organizational settings. Based on a sequence of empirical studies involving interviews and an online survey, we analyze critical activities associated with security management in cross-organizational settings from the perspective of service providers and auditors and discuss the support provided by software. The paper also lays out our plans for developing design artifacts and the theoretical framework for their evaluation.
Recommended Citation
Thalmann, Stefan; Bachlechner, Daniel; and Maier, Ronald, "Security Management in Cross-Organizational Settings: A Design Science Approach" (2012). ICIS 2012 Proceedings. 41.
https://aisel.aisnet.org/icis2012/proceedings/ResearchInProgress/41
Security Management in Cross-Organizational Settings: A Design Science Approach
The challenges of managing security have increased substantially with the advent of outsourcing and cloud computing. Service providers need to ensure that security controls correctly address the complex sets of requirements demanded by their clients. Auditors find it difficult to check whether service providers are compliant with standard security guidelines as well as organization-specific security requirements. This paper reports research-in-progress of a design science project that addresses security management in cross-organizational settings. Based on a sequence of empirical studies involving interviews and an online survey, we analyze critical activities associated with security management in cross-organizational settings from the perspective of service providers and auditors and discuss the support provided by software. The paper also lays out our plans for developing design artifacts and the theoretical framework for their evaluation.