Abstract

IT security outsourcing is the process of contracting a third-party security service provider to perform the full or partial IT security functions of an organization. Little is known about the factors influencing organizational decisions in outsourcing such a critical function. Our review of the research and practice literature identified several managerial factors (e.g., cost-benefit, inability to cope with the threat environment) and legal factors (e.g., regulatory/legal compliance). We found research in IT security outsourcing to be immature, with focus areas that do not address the critical issues facing industry practice. We therefore present a research agenda consisting of fifteen questions to address five key gaps relating to knowledge of IT security outsourcing: the effectiveness of the outcome, lived experience of the practice, the temporal dimension, multi-stakeholder perspectives, and the impact on IT security practices, particularly agility in incident response.
