Ackermann, Tobias ; Miede, André ; Buxmann, Peter ; Steinmetz, Ralf (2011)
Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification.
Helsinki, Finland
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2011 |
Autor(en): | Ackermann, Tobias ; Miede, André ; Buxmann, Peter ; Steinmetz, Ralf |
Art des Eintrags: | Bibliographie |
Titel: | Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification |
Sprache: | Englisch |
Publikationsjahr: | Juni 2011 |
Buchtitel: | Proceedings of the 19th European Conference on Information Systems (ECIS) |
Veranstaltungsort: | Helsinki, Finland |
Kurzbeschreibung (Abstract): | The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model. |
Freie Schlagworte: | Secure Services;IT outsourcing, IT risk management, taxonomy, risks, IT security, quality of service, literature review |
ID-Nummer: | TUD-CS-2011-0119 |
Fachbereich(e)/-gebiet(e): | LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
Hinterlegungsdatum: | 30 Dez 2016 20:23 |
Letzte Änderung: | 03 Jun 2018 21:30 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |