Mathematical model-based security management framework for future ICT outsourcing project

Abstract

The information communication technology (ICT) outsourcing market is growing larger every year from the increasing number of companies that utilize ICT outsourcing, as industry scale increases and industrial specialization intensifies. However, the current circumstance is that security accidents related to ICT outsourcing are continuously occurring at an increasing scale. There is a lack of studies measuring the level of security management of organizational ICT outsourcing, which is the first step in performing security management of ICT outsourcing. In addition, most studies focus on general organizational security management. Accordingly, this paper aimed to design a model to measure the level of security management of companies utilizing ICT outsourcing. Specifically, this paper analyzed security vulnerabilities that could occur in ICT outsourcing that may be mapped with the accorded security measures as solutions to deduce items for ICT outsourcing security inspections. Next, this paper developed an ICT outsourcing security level quantification model by verifying the validity of the security inspection items deduced and by estimating item-specific weighted points. Additionally, the applicability of the ICT outsourcing security level quantification model developed was verified by applying it to actual companies.