EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Outsource or not? An AHP Based Decision Model for Information Security Management

Jelovčan Luka, Mihelič Anže and Prislan Kaja ()
Additional contact information
Jelovčan Luka: SGB, Varnostno svetovanje, d.o.o., Ljubljana, Slovenia
Mihelič Anže: University of Maribor, Faculty of Criminal Justice and Security, Ljubljana, Slovenia
Prislan Kaja: University of Maribor, Faculty of Criminal Justice and Security, Ljubljana, Slovenia

Organizacija, 2022, vol. 55, issue 2, 142-159

Abstract: Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.

Keywords: Information security; Decision model; Analytic hierarchy process; AHP; Management; Outsourcing (search for similar items in EconPapers)
Date: 2022
References: Add references at CitEc
Citations:

Downloads: (external link)
https://doi.org/10.2478/orga-2022-0010 (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:vrs:organi:v:55:y:2022:i:2:p:142-159:n:5

DOI: 10.2478/orga-2022-0010

Access Statistics for this article

Organizacija is currently edited by Jože Zupančič

More articles in Organizacija from Sciendo
Bibliographic data for series maintained by Peter Golla ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:vrs:organi:v:55:y:2022:i:2:p:142-159:n:5