Information security concerns towards best practices for IT outsourcing projects from the perspective of service provider in Iran
Many firms are now evaluating the possibility to outsource their IT functions in order to focus their efforts and capitals on core-competencies thus reducing costs and improving quality of their IT services. While the client‘s sourcing decisions and the client-service provider relationship have been...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2009
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/18352/1/NimaParhamMFC2009_InformationSecurityConcernsTowardsBestPractices.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Many firms are now evaluating the possibility to outsource their IT functions in order to focus their efforts and capitals on core-competencies thus reducing costs and improving quality of their IT services. While the client‘s sourcing decisions and the client-service provider relationship have been investigated in literature, the service provider's perspective has rarely been studied. Since the outsourcing organization loses the direct control of information system, maintenance of adequate level of security is a fundamental problem in outsourcing. This study focus on various aspects of information security in IT outsourcing that must be addressed by Iranian service providers, but attention will be focused on importance of physical security, personnel related security issues and business continuity planning. There are several objectives for this study. This study firstly attempts to explore the IT outsourcing activities of Iranian service providers. Secondly, is to investigate the service provides‘ practices in terms of physical security, personnel related security issues and business continuity planning. This study further examines physical security, personnel related issues, business continuity planning and the relevancy of those factors with best practices of information security implementation. IT managers and IT executives of service provider companies are the targeted respondents. There are three phases in the design of the study. The initial phase is preliminary study where interviews are conducted. This is done to probe IT outsourcing practices in Iran from perspective of service provider. In the second phase, which is the main phase, questionnaires are distributed. Subsequently, interviews are conducted which involves purposeful sampling method. This is embarked in order to derive a more comprehensive conclusion. |
|---|