Information Security Risks in Enabling e-Government: The Impact of IT Vendors

The purpose of this article is to identify information systems security risks in local governments resulting from the cooperation with IT vendors. We focus on government-to-government projects where the confidentiality, integrity, and availability of information is a key concern. In our risk identification process, we take a systems thinking approach, taking into account actual and perceived risks. We identified 13 causes of risk in three risk areas and analyzed them using outsourcing literature.

[1]  RivardSuzanne,et al.  A framework for information technology outsourcing risk management , 2005 .

[2]  Barry Bozeman,et al.  Public management information systems: theory and prescription , 1986 .

[3]  John Sherwood,et al.  Managing security for outsourcing contracts , 1997, Comput. Secur..

[4]  Ortwin Renn Three decades of risk research: accomplishments and new challenges , 1998 .

[5]  Herbert A. Simon,et al.  The new science of management decision , 1960 .

[6]  Ralph L. Keeney,et al.  Value-Focused Thinking: A Path to Creative Decisionmaking , 1992 .

[7]  Junghoon Moon,et al.  IT outsourcing for E-government: Lessons from IT outsourcing projects initiated by agricultural organizations of the Korean government , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[8]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[9]  Suzanne Rivard,et al.  A framework for information technology outsourcing risk management , 2005, DATB.

[10]  Mete Yildiz,et al.  E-government research: Reviewing the literature, limitations, and ways forward , 2007, Gov. Inf. Q..

[11]  Gerald Quirchmayr,et al.  A framework for outsourcing IS/IT security services , 2006, Inf. Manag. Comput. Secur..

[12]  Leslie P. Willcocks,et al.  A review of the IT outsourcing literature: Insights for practice , 2009, J. Strateg. Inf. Syst..

[13]  Paolo Leon The Economic Institutions of Capitalism , 1986, The Antitrust Bulletin.

[14]  Antonio Cordella,et al.  Outsourcing, bureaucracy and public value: Reappraising the notion of the "contract state" , 2010, Gov. Inf. Q..

[15]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[16]  Sonia Gantman Vilvovsky,et al.  Differences between public and private IT outsourcing: common themes in the literature , 2008, DG.O.

[17]  W. Currie Outsourcing in the private and public sectors: an unpredictable IT strategy , 1996 .

[18]  Per Oscarson,et al.  Actual and Perceived Information Systems Security , 2007 .

[19]  M. J. Earl,et al.  The Risks of Outsourcing IT , 1996 .

[20]  J. Shaoul Human Error , 1973, Nature.

[21]  Abdulwahed Mohammed Khalfan,et al.  Information security considerations in IS/IT outsourcing projects: a descriptive case study of two sectors , 2004, Int. J. Inf. Manag..

[22]  Steven De Haes,et al.  IT Governance Structures, Processes and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[23]  Leslie P. Willcocks,et al.  Risk mitigation in IT outsourcing strategy revisited: longitudinal case research at LISA , 1999, J. Strateg. Inf. Syst..

[24]  R. Hirschheim Information Systems Outsourcing , 2002 .

[25]  Bartel Van de Walle,et al.  A Systems Perspective on Security Risk Identification: Methodology and Illustrations from City Councils , 2008 .

[26]  Edgar A. Whitley,et al.  The Construction of Social Reality , 1999 .

[27]  M. Buck-Lew,et al.  To outsource or not , 1992 .

[28]  Gurpreet Dhillon,et al.  Value‐focused assessment of information system security in organizations , 2006, Inf. Syst. J..

[29]  W. Dugger The Economic Institutions of Capitalism , 1987 .

[30]  N. Carr IT doesn't matter , 2003, IEEE Engineering Management Review.

[31]  Bandula Jayatilaka,et al.  Information systems outsourcing: a survey and analysis of the literature , 2004, DATB.

[32]  H. Raghav Rao,et al.  Information systems outsourcing , 1996, CACM.

[33]  C. Prahalad,et al.  The Core Competence of the Corporation , 1990 .

[34]  John Leach,et al.  Security considerations in outsourcing IT services , 1996, Inf. Secur. Tech. Rep..

[35]  Dieter Fink A Security Framework for Information Systems Outsourcing , 1994, Inf. Manag. Comput. Secur..

[36]  Chandradeo Bokhoree,et al.  Risk of Insider Threats in Information Technology Outsourcing: Can Deceptive Techniques be Applied? , 2006, Security and Management.

[37]  RICHAFID BASKERVILLE,et al.  Information systems security design methods: implications for information systems development , 1993, CSUR.

[38]  Donald R. Cooper,et al.  Business Research Methods , 1980 .