TU Darmstadt / ULB / TUbiblio

Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification

Ackermann, Tobias ; Miede, André ; Buxmann, Peter ; Steinmetz, Ralf (2011)
Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification.
Helsinki, Finland
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Autor(en): Ackermann, Tobias ; Miede, André ; Buxmann, Peter ; Steinmetz, Ralf
Art des Eintrags: Bibliographie
Titel: Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification
Sprache: Englisch
Publikationsjahr: Juni 2011
Buchtitel: Proceedings of the 19th European Conference on Information Systems (ECIS)
Veranstaltungsort: Helsinki, Finland
Kurzbeschreibung (Abstract):

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model.

Freie Schlagworte: Secure Services;IT outsourcing, IT risk management, taxonomy, risks, IT security, quality of service, literature review
ID-Nummer: TUD-CS-2011-0119
Fachbereich(e)/-gebiet(e): LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 30 Dez 2016 20:23
Letzte Änderung: 03 Jun 2018 21:30
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen