Advances in Information Security, Privacy, and Ethics - Information Technology Risk Management and Compliance in Modern Organizations
Latest Publications


Total documents: 11 (five years: 0)

H-index: 1 (five years: 0)

Published By IGI Global

9781522526049, 9781522526056

Author(s):  
Salim Lahmiri

Information technology outsourcing has become a major issue in business and has received considerable attention from both business managers and scholars. Indeed, it helps a business company to reduce its costs and to maintain its competitiveness. The purpose of this chapter is to introduce the utility of information technology outsourcing for the enterprise and to review some recent works on outsourcing risk factor identification and provider selection. Finally, drawbacks of information technology outsourcing will be presented along with future research directions.


Author(s):  
Neha Singh, Tanya Mittal, Manish Gupta

While the use of social media offers great opportunities to interact with customers and business partners, there are significant risks associated with this technology if a clear strategy has not been defined to address both the risks and the benefits that come along with it. The best approach for an organization to effectively utilize the benefits of this technology is to engage all relevant stakeholders and establish a strategy that addresses the pertinent issues. The organization needs to have relevant policies in place to be able to achieve this. To identify the most frequent risks and their sources, we captured breach data from various sources. In the chapter, our analysis shows that the most important source of risk to a company from the use of social media is its own workforce, and that an employee might find various ways of doing so.


Author(s):  
Payod Soni

The abysmal state of policies governing health plan providers led to huge discontent among the public regarding their health plans, as well as the privacy and security of their medical records. Anyone with access to a patient's medical records could potentially share them with parties such as health plan providers or employers. To address the privacy and security of patients' medical records, Congress enacted HIPAA in 1996. The chapter starts by discussing the need for HIPAA. Subsequently, we discuss HIPAA in considerable depth. Significant additions and changes were made in subsequent acts and amendments due to pressing policy needs and to address various loopholes. The chapter provides a chronological account of HIPAA since its introduction. Once the reader develops a complete understanding of the HIPAA regulation, we shift our focus to compliance with HIPAA. We delve deeper into the implications of HIPAA for healthcare organizations and the information technology world.


Author(s):  
Gaurav Chaudhari, Pavankumar Mulgund

This paper aims to explore the importance of COBIT 5 as a framework in ensuring the effective “Governance of Enterprise Information Technology (GEIT)”, and to promote the understanding of the five COBIT 5 principles. A comprehensive literature review has also been performed, taking into account a total of 56 research papers published in the last decade on COBIT. The data collected from these research papers was analyzed in order to identify various trends: commonalities, differences, themes, and the nature of study. The research papers have been categorized first on the basis of their scope and secondly on their nature (empirical, conceptual or descriptive). Towards the end of the paper, we provide an overview of our findings on the strengths and weaknesses of the research papers studied, and make suggestions for future research.


Author(s):  
Jaya Bhattacharjee, Anirban Sengupta, Mridul Sankar Barik, Chandan Mazumdar

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.


Author(s):  
Priyadarsini Kannan Krishnamachariar, Manish Gupta

The agile approach is a pragmatic style of software development in which the requirements are flexible to the changing needs of customers and fast-paced markets, and the iterations of software are implemented and delivered based on business priorities. Risky or experimental projects, where the project requirements are not clear or not well defined in advance, are the most suitable candidates for adopting the agile approach, as agile enables us to work with calculated risks during development, aiming to reduce the risks. The value of any implementation is realized only if it delivers benefits to the organization and its users, which can be assured by effective auditing of the implementation, by understanding the implications of the agile approach and identifying the right audit techniques and processes. Many organizations already have well-established audit functions and mature IT audit procedures for auditing traditional SDLC waterfall processes. Yet auditing software development based on the agile approach requires a different attitude and audit techniques that fit the proactive nature of the agile approach. This paper aims to present a risk-based audit approach to the agile implementation of software development, how risk identification and assessment can be merged with the phases of software development, and the ways in which agile techniques can be effectively utilized as tools for audit.


Author(s):  
Mohamed Abdelhamid, Srikanth Venkatesan, Joana Gaia, Raj Sharman

The innovation and evolution of technologies in the smartphone industry has enabled users to efficiently achieve many tasks, including utilizing search engines for instant information retrieval anytime and anywhere. Nonetheless, some users choose not to use these smartphone features, including search engines, to seek information. This study explores the factors that impact the likelihood of information seeking via smartphones. Privacy concern was found to be one of the main factors influencing the likelihood of seeking information. Android users were more likely to seek information compared to iPhone users, possibly due to the differences in the features of the operating systems of these phones. Motivation to seek information, captured by technology ownership, increases the likelihood of information seeking. The diversity of social network connections also plays a significant role in the information seeking behavior of the users.


Author(s):  
Niranjali Suresh, Manish Gupta

Cloud enables computing as a utility by offering convenient, on-demand network access to a centralized pool of configurable computing resources that can be rapidly deployed with great efficiency and minimal management overhead. In order to realize the benefits of the innovative cloud computing paradigm, companies must overcome the heightened risks and security threats associated with it. Security and privacy in the cloud are complex owing to newer dimensions in problem scope such as multi-tenant architectures and shared infrastructure, elasticity, measured services, viability etc. In this paper, we survey existing literature on cloud security issues and risks, which then guides us to provide a section on auditing based to address the identified risks. We also provide a discourse on risk assessment frameworks to highlight the benefits of using such structured methods for understanding risks. The main contribution of the paper is an investigation of current innovations in cloud computing that are targeted towards assisting in effective management of the aforementioned risks and security issues. The compilation of discussed solutions has been developed to cater to specific cloud security, compliance and privacy requirements across industries by cloud service providers, software-as-a-service (SaaS) application vendors and advisory firms.


Author(s):  
Anandharaman Pattabiraman, Sridhar Srinivasan, Kaushik Swaminathan, Manish Gupta

It has been very evident from the data breaches of the last few years that attackers are increasingly targeting the path of least resistance to compromise the security of organizations. Cyber security threats that exploit human behavior are becoming sophisticated and difficult to prevent. At the same time, humans are countermeasures that can adapt more swiftly to a changing risk landscape than technological and procedural countermeasures. Organizations are implementing and enhancing their security awareness and training programs in an attempt to ensure that risks from human elements, which pose the greatest risks, are mitigated. The chapter conducts a thorough literature review in the area of security awareness and training and presents a classification scheme and a conceptual research model to provide insights into the existing body of knowledge in the area. Trends and analyses are also presented from the reviewed papers, which can be of importance to organizations in improving their security awareness programs. The insights from the study can be leveraged to build a strong human wall against both internal and external threats that are fast evolving and causing a tremendous amount of loss.


Author(s):  
Shanmugapriya Loganathan

Risks in IT are described as a form of threat in the context of data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.

