A framework for outsourcing IS/IT security services
Purpose ? This paper seeks to provide an overview of the major technical, organizational and legal issues pertaining to the outsourcing of IS/IT security services. Design/methodology/approach ? The paper uses a combined socio-technical approach to explore the different
aspects of IS/IT security outsourcing and suggests a framework for accommodating security and privacy requirements that arise in outsourcing arrangements. Findings ? Data protection requirements are a decisive factor for IS/IT security outsourcing, not only because they pose restrictions
to management, but also because security and privacy concerns are commonly cited among the most important concerns prohibiting organizations from IS/IT outsourcing. New emerging trends such as outsourcing in third countries, pose significant new issues, with regard to meeting data protection
requirements. Originality/value ? The paper illustrates the reasons for which the outsourcing of IS/IT security needs to be examined under a different perspective from traditional IS/IT outsourcing. It focuses on the specific issue of personal data protection requirements that must
be accommodated, according to the European Union directive.