Factors Impacting Information Security Risk Management in IT Outsourcing: An Agency Theory Perspective

Authors

Baber Majid Bhatti, University of South AustraliaFollow
Sameera Mubarak, University of South AustraliaFollow
Sev Nagalingam, University of South AustraliaFollow

Paper Type

FP

Paper Number

427

Abstract

Modern businesses increasingly depend on other service organisations. Hence IT outsourcing (ITO) is on the rise and is now a USD multi-trillion industry. Nevertheless, the success rate is low, suggesting the need for scrupulous risk management in ITO. The researchers have long raised information security risk management (ISRM) among the top concerns in ITO. This paper investigates the factors impacting ISRM in ITO. The study follows a qualitative approach using the case study method. Data were collected through semi-structured interviews. Three organisations with distinct ITO orientations were investigated. The investigation applied the technology-organisationenvironment framework supplemented with agency theory to suit the ITO context of this research. The study presents the findings in a seven-dimensional framework - technology, organisation, people, process, legal, environment and strategy (TOPPLES) framework. The framework was verified through a focus group

Recommended Citation

Bhatti, Baber Majid; Mubarak, Sameera; and Nagalingam, Sev, "Factors Impacting Information Security Risk Management in IT Outsourcing: An Agency Theory Perspective" (2021). PACIS 2021 Proceedings. 16.
https://aisel.aisnet.org/pacis2021/16