Outsource or not?
ǂan ǂAHP based decision model for information security management
Abstract
Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities.
Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model.
Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations.
Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.
Keywords
information security;decision model;analytic hierarchy process;AHP;management;outsourcing;
Data
| Language: | English |
|---|---|
| Year of publishing: | 2022 |
| Typology: | 1.01 - Original Scientific Article |
| Organization: | UM FVV - Faculty of Criminal Justice |
| Publisher: | Moderna organizacija |
| UDC: | 004.056:621.39 |
| COBISS: |
109986819
|
| ISSN: | 1318-5454 |
| Views: | 34 |
| Downloads: | 0 |
| Average score: | 0 (0 votes) |
| Metadata: |
|
Other data
| Secondary language: | Slovenian |
|---|---|
| Secondary keywords: | informacijska varnost;odločitveni model;analitični hierarhični proces;AHP;management;zunanje izvajanje; |
| Type (COBISS): | Scientific work |
| Pages: | str. 142-159 |
| Volume: | ǂVol. ǂ55 |
| Issue: | ǂno. ǂ2 |
| Chronology: | 2022 |
| DOI: | 10.2478/orga-2022-0010 |
| ID: | 24283238 |
Recommended works:
Outsource or not?
2022,
ǂan ǂAHP based decision model for information security management
Uporaba večkriterijskih odločitvenih modelov za ocenjevanje kakovosti ponudbe turističnih kmetij
2016,
no subtitle data available
ǂAn ǂapplication of analytic hierarchy process (AHP) and sensitivity analysis for maintenance policy selection
2014,
no subtitle data available
Comparison of some aggregation techniques using group analytic hierarchy process
2015,
no subtitle data available