Addressing Cultural Dissimilarity in the Information Security Management Outsourcing Relationship

Organizational culture influences the way a) information security is perceived, b) security countermeasures are adopted, and c) the organization reacts to the cultural changes of a new security program. In Information Security Management Outsourcing (ISMO), cultural differences may arise between the organization and the provider, for example conflict between the countermeasures applied by the provider and the company's internal policies. We propose a conceptual framework of security mechanisms in order organizations that choose ISMO to identify and manage cultural dissimilarity.

[1]  Ron Chi-Wai Kwok,et al.  The evolution of outsourcing research: what is the next issue? , 2000, Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.

[2]  Edgar H. Schein,et al.  On Dialogue, Culture, and Organizational Learning , 1993 .

[3]  Young-Gul Kim,et al.  Effect of Partnership Quality on IS Outsourcing Success: Conceptual Framework and Empirical Validation , 1999, J. Manag. Inf. Syst..

[4]  Jan H. P. Eloff,et al.  Information Security Culture , 2002, SEC.

[5]  Marie Alner,et al.  The Effects of Outsourcing on Information Security , 2001, Inf. Secur. J. A Glob. Perspect..

[6]  José L. Gascó,et al.  Information systems outsourcing success factors: a review and some results , 2005, Inf. Manag. Comput. Security.

[7]  Varun Grover,et al.  The Effect of Service Quality and Partnership on the Outsourcing of Information Systems Functions , 1996, J. Manag. Inf. Syst..

[8]  Rossouw von Solms,et al.  Towards information security behavioural compliance , 2004, Comput. Secur..

[9]  Jill Slay IS security, trust and culture: a theoretical framework for managing IS security in multicultural settings , 2003 .

[10]  Carl F. Endorf Outsourcing Security: The Need, the Risks, the Providers, and the Process , 2004, Inf. Secur. J. A Glob. Perspect..

[11]  Ron Chi-Wai Kwok,et al.  IT outsourcing evolution---: past, present, and future , 2003, CACM.

[12]  Ortwin Renn,et al.  The role of risk perception for risk management , 1998 .

[13]  Rossouw von Solms,et al.  Information security obedience: a definition , 2005, Comput. Secur..

[14]  Evangelos A. Kiountouzis,et al.  Information systems security policies: a contextual perspective , 2005, Comput. Secur..

[15]  Colette Fenn,et al.  IT Security Outsourcing: How Safe is your IT Security? , 2002, Comput. Law Secur. Rev..

[16]  Cism Thomas R. Peltier Cissp Implementing an Information Security Awareness Program , 2005 .

[17]  日本規格協会 情報技術 : 情報セキュリティ管理実施基準 : 国際規格 : ISO/IEC 17799 = Information technology : code of practice for infromation security management : international standard : ISO/IEC 17799 , 2000 .

[18]  Cism Thomas R. Peltier Cissp Implementing an Information Security Awareness Program , 2005 .

[19]  J. Eloff,et al.  Information security management: a new paradigm , 2003 .

[20]  Leslie P. Willcocks,et al.  Exploring information technology outsourcing relationships: theory and practice , 2000, J. Strateg. Inf. Syst..

[21]  Joan Wilbanks Outsourcing Internet Security: The Life You Save May Be Your Company's , 2001, Inf. Secur. J. A Glob. Perspect..

[22]  Szu-Yuan Sun,et al.  The factors influencing information systems outsourcing partnership-a study integrating case study and survey research methods , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[23]  E. Schein Organizational Culture and Leadership , 1991 .

[24]  Bandula Jayatilaka,et al.  Information systems outsourcing: a survey and analysis of the literature , 2004, DATB.

[25]  Gerald Quirchmayr,et al.  A framework for outsourcing IS/IT security services , 2006, Inf. Manag. Comput. Secur..

[26]  Louise Yngström,et al.  Outsourcing ICT Security to MSSP: Issues and Challenges for The Developing World , 2006, ISSA.

[27]  R. Keeney,et al.  Improving risk communication. , 1986, Risk analysis : an official publication of the Society for Risk Analysis.