Application 3 – Annotated Bibliography
Business Process Management Journal Multi-level information system security in outsourcing domain M. Razvi Doomun,
Article information: To cite this document: M. Razvi Doomun, (2008) "Multi‐level information system security in outsourcing domain", Business Process Management Journal, Vol. 14 Issue: 6, pp.849-857, https://doi.org/10.1108/14637150810916026 Permanent link to this document: https://doi.org/10.1108/14637150810916026
Downloaded on: 11 March 2018, At: 19:07 (PT) References: this document contains references to 16 other documents. To copy this document: permissions@emeraldinsight.com The fulltext of this document has been downloaded 2140 times since 2008*
Users who downloaded this article also downloaded: (1994),"A Security Framework for Information Systems Outsourcing", Information Management & Computer Security, Vol. 2 Iss 4 pp. 3-8 <a href="https://doi.org/10.1108/09685229410068235">https:// doi.org/10.1108/09685229410068235</a> (2006),"A framework for outsourcing IS/IT security services", Information Management & Computer Security, Vol. 14 Iss 5 pp. 403-416 <a href="https://doi.org/10.1108/09685220610707421">https:// doi.org/10.1108/09685220610707421</a>
Access to this document was granted through an Emerald subscription provided by emerald-srm:552352 []
For Authors If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
*Related content and download information correct at time of download.
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
Multi-level information system security in outsourcing domain
M. Razvi Doomun Department of Computer Science and Engineering,
University of Mauritius, Reduit, Mauritius
Abstract
Purpose – Information security is an integral part of all outsourcing activities and it is important for both the outsourcing company and the vendor to reach agreement as regards what type and what level of information security will be provided by the vendor in relation to the outsourced activities. The purpose of this paper is to evaluate the potential risks and information system (IS) security needs when outsourcing takes place and analyse the different security level in outsourcing agreements.
Design/methodology/approach – This paper is primarily based on a review of the literature. International security standards and best security practices are analysed and discussed. A multiple level security framework as an effective approach in outsourcing domain is addressed.
Findings – It is found that IS security risks can be effectively identified, monitored and evaluated by the concept of a layered security model that fits best in the complex outsourcing domain. There are three levels of security, first guidelines of technical security, second risk analysis and, third compliance and evaluation criteria, including managing information security.
Originality/value – The approach could be used to integrate IS security with service level agreements. Outsourcing vendors with security certifications, strong security adherence systems and optimal disaster recover plans will have a competitive edge in the industry.
Keywords Information management, Data security, Outsourcing, Risk management
Paper type Conceptual paper
Introduction Outsourcing is one of the tactics that innovative companies use but it is not without risk. Security is now considered the key element in an outsourced environment. Current trends show that customers are looking for “Trusted Sourcing” destination, i.e. not only “low cost” and “high quality” outsourcer, but also highly secured and trusted sourcing base. Information system (IS) security is now among the most important factors in selecting an outsourcing partner ahead of financial strength, business stability and reputation (Martinsons, 1993). Many companies are reluctant to IS outsourcing because of security concerns, namely information theft, information sabotage, information leakage and business espionage.
Information security can be broadly classified under network security (security of storage and transmission infrastructure), physical security (security of work areas, documents), personnel security (security against threat from insiders) and business continuity and disaster recovery (contingency plans to retrieve information and prevent loss in the case of emergencies) (Evalueserve, 2002). The success of business outsourcing relationship depends on thorough understanding of what services are to be outsourced and what security risks might exist. Many security risks are a result of inappropriate access to confidential information, improper disclosure of confidential or sensitive information, or inappropriate use of confidential information. People are responsible for maintaining information security, and they in turn utilise processes and
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1463-7154.htm
Multi-level information
system security
849
Business Process Management Journal
Vol. 14 No. 6, 2008 pp. 849-857
q Emerald Group Publishing Limited 1463-7154
DOI 10.1108/14637150810916026
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
technology. Security processes need to be built to prevent breaches, detect breaches and recovery from breaches. Processes must harness technology to ensure that information security is implemented as stated in the company’s policy. In the last decade, several studies have been conducted to address a variety of outsourcing research issues. Although many researchers in the field have focused on various outsourcing issues such as performance (Loh and Venkatraman, 1995), motivation and scope (Buck-Lew, 1992; Benko, 1992), insourcing-or-outsourcing (Meyer, 1994; Reponen, 1993), contract agreements and partnership (Fitzgerald and Willcocks, 1994), there have been few papers that discuss these diverse research issues from a purely security perspective. As the importance of information security as a quality factor of an IS is widely acknowledged, and outsourcing is emerging rapidly, maintenance of higher level of security becomes a major success factor in outsourcing domain. In this work, a broader view of outsourcing trends related to risk is presented and a deeper understanding about multi-level security in outsourcing is discussed.
Related work It has been argued that there are “too few academic studies of types of information technology (IT) outsourcing risk, their salience and their mitigation” (Willcocks et al., 1999). The security factor ranked first in studying risk factors in considering IT/IS outsourcing and came as no surprise since data confidentiality always has very high priority for outsourcing decision in developing countries (Abdulwahed and Tom, 2001; Badri, 1992). As noted by Fink (1994), information security is an area often neglected in outsourcing arrangements. It covers both data security and business recovery planning. When the IT function is outsourced to an external service provider, the organisation no longer retains full control of information security whereas the full control of the information security is retained when the IT function is provided in-house (Lee, 1995). According to Collins and Millen (1995), the “corporate security issue” was one of the majors frequently cited reservation made by American firms.
Above all when a provider has to serve several direct competitors, which means having to keep confidentiality about the information corresponding to all of them (Grover et al., 1994; Lacity and Hirschheim, 1993), security is of utmost importance. The security of the IS services outsourced will depend on the providing firm, which is why policies and procedures must be negotiated within the outsourcing contract to ensure that IS security objectives (effectiveness, efficiency, adequacy, integrity, validity, authorisation, privacy) continue to be fulfilled.
Complying with international security standards, establishing security policies, adopting best security practices and latest technologies are essential for a trusted outsourcer. Furthermore, the outsourcing industry needs to establish security capabilities that reinforce the trust of outsourcing customers and provide them with the information they need to make good decisions. From the client point of view, it is very costly and fairly difficult for an organisation to restore its own IS architecture and information management know-how, after these activities have been handled by an outside party for a considerable period of time (Martinsons, 1993). Therefore, companies want to have a visible window into their outsourcer’s security plans.
A prominent response to the need for universal standards of trust is the recent revision of the global security framework: the new ISO 17799:2005 standard. It increases emphasis on the need not only to have good security controls, but also the
BPMJ 14,6
850
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
capability to validate this. It mandates validation through systematic auditing and monitoring of activity to prevent unauthorised access to sensitive corporate and customer information. By fully adopting ISO 17799:2005, outsourcer companies give themselves a superstructure that allows them to rightfully claim the high ground in securing the trust of their stakeholders.
BS7799 is a globally accepted standard providing businesses that deal in confidential and sensitive data, the process framework on which their information security management system can be established, implemented, operated, monitored, reviewed, improved and documented efficiently within the scope of the organisation’s overall business risks. BS7799 encompasses ten major domains, namely:
(1) security policy;
(2) security organisation;
(3) asset classification and control;
(4) personnel security;
(5) physical and environmental security;
(6) communications and operations management;
(7) system access control;
(8) system development controls;
(9) business continuity planning; and
(10) compliance and auditing.
Outsourced service providers contract with accounting firms to report on their information security status using Statement on Auditing Standards 70 (SAS 70), an auditing standard developed by the American Institute of Certified Public Accountants. SAS 70 focuses on controls and control objectives.
IS security risk in outsourcing Outsourcing brings a series of new risks to IS. Other outsourcing risks that customers value highly in their decision are: strategic risk, operational risk, financial risk, human capital risk, reputation risk and legal risk (Willcocks et al., 1999). Operation risks, i.e. week controls may affect customer privacy. Thus, compliance risks arise when vendors do not have enough privacy regulation. Strategic risks in developing countries occur when the laws are not adequate to protect “trade secrets”.
Logical IS security deals with unauthorised access to organisation’s IS. Outsourcing increases the likelihood of the system being breached, altered or destroyed, due increase in number of users with access to the system. There is additional vulnerability if loss of confidentiality and privacy occur. Sensitive information and trade secrets may leak, leading to loss of competitive edge. Outsource companies themselves occasionally use sub-contractors and enter their own outsource agreements, sometimes even becoming “customer providers” to larger outsource operations. The chain of users becomes only as strong as its weakest link. The increasing risks and costs of cyber attacks are forcing businesses to take a much more aggressive approach to information security in outsourcing.
Outsourcer companies perform self-assessment of security risks covering all aspect of the business environment, namely: information security governance, asset inventory
Multi-level information
system security
851
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
classification, compliance, physical and environmental security, business continuity, system security administration, network security, system development environment, third party access and end-user computing.
The advantages of a security framework are: . Provides outsourcing security that is consistent, constant, of international
standard and covers every thing. . Characterises good IS security in outsourcing that is reliable, robust and
repeatable. . Enhances the outsourcing business with advance security monitoring,
management and maintenance.
IS security risks can be effectively identified, monitored and evaluated by the framework shown in Figure 1.
The implementation of new methodologies and a structured approach to information security are all elements of a concept known as defence-in-depth. It represents the concept of a layered security model that fits best in the complex outsourcing domain. In this model, multiple layers of independent security capabilities and functions are implemented to safeguard access and utilisation of all information assets. By implementing multiple independent layers of security, an organisation significantly improves it security posture and reflects a high level of assurance that it is adequately protecting client information assets from both internal and external adversaries. Fierce competition is also forcing outsourcing vendors to reengineer business processes and rethink how they are approaching information security. They are increasingly moving from a reactive, event-driven model to a proactive, threat-driven one.
Security of data and sensitive information can become a form of marketing strength for outsourcing vendors. The evaluation of security policies and practices should not represent an area of significant tension between outsourcing providers and clients. It is imperative that accepted information security policies in outsourcing and recovery and strategic plans have been established in an agreement.
Multiple layer security agreement The main steps of an outsourcing arrangement are as follows:
(1) strategic planning and scheduling;
(2) due diligence/assessment;
(3) human resource strategy;
(4) technology strategy;
(5) risk mitigation strategy;
(6) compliance issues;
(7) security and service level agreements;
(8) negotiating the agreement;
(9) business process management;
(10) conflict/dispute resolution; and
(11) exit strategy.
BPMJ 14,6
852
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
Steps 4, 5 and 6, as represented in Table I, deal with the essential security requirements for the outsourcing arrangement. In the technology strategy stage, there is need for extensive reviewing of physical and logical security, system access and vulnerability to internal and external threats. The risk mitigation phase enables detail risk assessment, examines potential technology oriented threats such as cyberfraud. Finally, compliance part looks into security conformity issues, operational or transactional risk, security legislation and privacy regulation in the form of IT related laws. Service level agreements define the required security policy for client.
Figure 1. Security risk identification
and monitoring
Security level Agreements
(Client requirements)
Internal organisational
change
Technology evolution and other
related factors
Security gap analysis
Continuous risk and control assessment
Reengineer security plan and applicability
Information security and controls implementation
Monitor ongoing audits
Information system risk quantification
metric
Security management and log
database
S ec
ur it
y ri
sk i
de nt
if ic
at io
n S
ec ur
it y
ri sk
m on
it or
in g
an d
im pr
ov em
en t
IS s
ec ur
it y
m ea
su re
m en
t
Multi-level information
system security
853
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
These agreements specify levels of service that the servicing entity agrees to guarantee to the customer; therefore it also includes service provider’s responsibility in terms of security, business continuity and disaster recovery. In the outsourcing agreement, information security requirements can be stated at three levels: initially with a guideline based approach, second there is risk analysis and finally there is evaluation criteria approach towards information security.
Depending on the nature of the outsourcing service provided and the criticality of information involved, the following should be addressed in the service and security level agreement between vendor and client:
. Security standards that may be based on common industry benchmarks.
. Requirements for periodic vulnerability tests and security assessments.
. Notification of security incidents and resolution.
. Periodic security audits making provision that information security standards will be maintained consistent.
. Independent reports of internal control (e.g. SAS 70 reports) for the location where the client’s data or applications are being managed.
Being aware of the complexity of IS security, the efficiency of security policies have to be tested from time to time. Security audits may find gaps in the security plan which may not have been understood, or may have arisen with growth and change in the lifecycle of the organisation. Security audits are also useful in helping to ensure compliance.
Outsourcing process layer Requirements
Compliance Regulatory framework Strong copyright, intellectual property management and protection,
privacy and global outsourcing security laws Law enforcement Penalties, information security culture Security standards Information security benchmarks, global security intelligence,
independent auditing and review of security level Risk Threats Security from internal threats, limited and controlled access rights,
confidentiality and non-disclosure agreements, security training and awareness
Technology Data and network security Technological solutions like firewalls, anti-virus at various levels,
backups, advance encryption methodologies, authentication and access controls, biometrics, active IDS, VPN, Server-level clustering/Storage area network, real-time monitoring and management, security of wireless devices. Activity auditing technology
Process protection 24 h network monitoring, guidelines on the usage of official assets, real time analysis and response, disaster recovery plans and business continuity
Physical protection 24 h premises security, closed-circuit camera in the workplace, multi-level code access, fire suppression systems Service and security level agreements
Table I. Security levels in outsourcing agreements
BPMJ 14,6
854
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
A secure by design and agreement approach is needed at the different layers between outsourcing endpoints, focusing on the following:
. application delivery and reliability;
. access security and control;
. policy based controls;
. advance authentication and identity management;
. industry certification and partnership;
. industry standard security infrastructure;
. endpoint security compliance and enforcement; and
. comprehensive reporting and auditing.
Where data resides at the vendor firm, companies often implement network security by replicating the client’s network practices “as is” unless otherwise specified in the contract. Information is usually transmitted over international private leased circuits (IPLC) or virtual private networks (VPNs) over the Internet. An IPLC is a dedicated circuit used only by the company leasing it. In contrast, the VPN uses the Internet but with encryption, digital certification and other security mechanisms to simulate a private network that can be accessed only by authorised users. In addition to the use of firewalls and other standard security practices, demilitarized zone approach insulate core systems from “trusted servers” facing the public Internet. The use of an active intrusion detection system (IDS) to monitor all incoming and outgoing network transmissions which look for suspicious data transmission patterns. Outsourcing companies require to maintain extensive access logs of processes, agents, locations, times of log-ons and log-offs and security alerts.
Security consideration over wireless environment is more complicated than in wired environment. As organisations increasingly rely on mobile devices to store and manipulate sensitive information, it is imperative that they should develop a security program using leading edge wireless security technologies. First, a security policy that deals specifically with hand-held devices is needed. A set of centralized autonomous business processes is also required to establish and maintain the security of these devices in a consistent way. A suite of security products and standards, e.g. IEEE 802.11i, is essential to protect the integrity of the device, the confidentiality of data stored there, and the authenticity, integrity and confidentiality of wireless network communications.
The problem of coordinating and managing multiple security technologies across the organisation can be a major obstacle. As security technologies have become more complex and heterogeneous, manageability of large networks that integrate a variety of point products has become significantly more difficult and more costly. This can be seen in the upgrades and reconfigurations now required to coordinate and manage technologies such as firewall, VPN and intrusion detection, for example.
Security personnel in all entry and exit points, and biometric or some advanced technologies are used to track the employee movement. Most companies believe attacks are generated internally, personnel security involves a three-pronged approach: employee screening with background checks, training and a robust disciplinary process.
Multi-level information
system security
855
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
Many outsourcer companies implement international data protection standards such as BS 7799, SAS 70 and ISO 17799, which ensure use of safe software, techniques such as data encryption, copy protection, IDSs, firewalls, anti-virus tools, network security, system security systems and monitoring systems and provide a well defined framework. Generally, both clients and vendors have to share responsibility for data security and coordinate efforts while specifying the service and security level agreements. Compliance issues, risk mitigation strategy and technology strategy are discussed and finalised from the information security angle also. Globalisation in the outsourcing industry means vendors have to keep moving up in the value chain by providing an extra value to customers, namely IS security stability and maturity.
Compliance requirements typically include the use of authentication to assure the identity and authorisation of users. Limitations on access to information and privacy of personal information can be achieved by segregation of responsibilities between users and groups to limit abuses. Auditing, which is usually required to demonstrate compliance, brings with it the associated requirement for an appropriate level of reporting. The difficulties and cost of implementing compliance are exacerbated by the fact that many organisations have a highly distributed information infrastructure, with systems, devices and data found at different locations. Outsourcing vendors with security certifications, strong security adherence systems and optimal disaster recover plans will have a competitive edge in the industry.
In outsourcing environment, a programmatic approach to information security need to be adopted by vendors which is structured, measurable and business-driven process for securing information. This approach uses controls and key performance indicators to ensure that appropriate measures are in place to properly secure the vendor’s and client’s information infrastructure. The programmatic approach also ensures alignment to the business and compliance goals of the organisation.
Conclusion IS security in outsourcing is no more a mere legal requirement but it is fast becoming a factor for companies to compete on and grow businesses. Technology is ever-changing, so security is a moving target. As a result, the outsourcing industry must adopt a deep, integrated and dynamic strategy that addresses security at all tiers. In this paper, a multiple layer security framework for IS outsourcing was discussed. It can be stated that there are three levels of security, first guidelines of technical security, second risk analysis and, third compliance and evaluation criteria, including managing information security. In the future, IS security level agreements need to be fully integrated in service level agreements and will be a crucial differentiator for successful outsourcing contracts.
References
Abdulwahed, K. and Tom, G. (2001), Gough Empirical Investigation of the IS/IT Outsourcing Practices in the Private Sector, Research report series 08, 2001, University of Leeds, School of Computing, Leeds.
Badri, M. (1992), “Critical issues in information systems management: an international perspective”, International Journal of Information Management, Vol. 12, pp. 179-91.
Benko, C. (1992), “If information system outsourcing is the solution, what is the problem?”, Journal of Systems Management, pp. 32-5.
BPMJ 14,6
856
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
Buck-Lew, M. (1992), “To outsource or not?”, International Journal of Information Management, Vol. 12 No. 1, pp. 3-20.
Collins, J. and Millen, R. (1995), “Information systems outsourcing by large american industrial firms: choices and impact”, Information Resources Management Journal, Vol. 8 No. 1, pp. 5-13.
Evalueserve (2002), “Information security – Indian offshore service providers”, National Association of Software and Service Companies (India), available at: www.nasscom.org/ artdisplay.asp?Art_id ¼ 3087 (accessed October 26, 2004).
Fink, D. (1994), “A security framework for information systems outsourcing”, Information Management & Computer Security, Vol. 2 No. 4, pp. 3-8.
Fitzgerald, G. and Willcocks, L. (1994), “Contract and partnerships in the outsourcing of IT”, Proceeding of the 15th International Conference on Information Systems, Vancouver, British Columbia, Canada, pp. 91-8.
Grover, V., Cheon, M.J. and Teng, T.C. (1994), “A descriptive study on the outsourcing of information systems functions”, Information & Management, Vol. 27 No. 1, pp. 33-44.
Lacity, M.C. and Hirschheim, R. (1993), “Implementing information systems outsourcing: key issues and experiences of an early adopter”, Journal of General Management, Vol. 19 No. 1, pp. 17-31.
Lee, M. (1995), “IT outsourcing contracts: practical issues for management”, Working Paper No. 95/05, Information Systems Department, City University of Hong Kong, Hong Kong.
Loh, L. and Venkatraman, N. (1995), “An empirical study of information technology outsourcing: benefits, risks, and performance implications”, Proceedings of the 16th International Conference on Information Systems, Amsterdam, the Netherlands, December 10-13, pp. 277-88.
Martinsons, M.G. (1993), “Outsourcing information systems: a strategic partnership with risks”, Long Range Planning, Vol. 26 No. 3, pp. 18-25.
Meyer, N.D. (1994), “A sensible approach to outsourcing”, Information Systems Management, Vol. 11 No. 4, pp. 23-7.
Reponen, T. (1993), “Outsourcing or insourcing”, Proceedings of the 14th International Conference on Information Systems, December 5-8, pp. 103-15.
Willcocks, L., Lacity, M. and Kern, T. (1999), “Risk mitigation in IT outsourcing strategy revisited: longitudinal case, research at LISA”, Journal of Strategic Information Systems, pp. 285-314.
Corresponding author M. Razvi Doomun can be contacted at: r.doomun@uom.ac.mu
Multi-level information
system security
857
To purchase reprints of this article please e-mail: reprints@emeraldinsight.com Or visit our web site for further details: www.emeraldinsight.com/reprints
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )
This article has been cited by:
1. Gurpreet Dhillon, Romilla Syed, Filipe de Sá-Soares. 2017. Information security concerns in IT outsourcing: Identifying (in) congruence between clients and vendors. Information & Management 54:4, 452-464. [Crossref]
2. KarlssonFredrik, Fredrik Karlsson, KolkowskaElla, Ella Kolkowska, PrenkertFrans, Frans Prenkert. 2016. Inter-organisational information security: a systematic literature review. Information and Computer Security 24:5, 418-451. [Abstract] [Full Text] [PDF]
3. ErawanTheera, Theera Erawan. 2016. Tourists’ intention to give permission via mobile technology in Thailand. Journal of Hospitality and Tourism Technology 7:4, 330-346. [Abstract] [Full Text] [PDF]
4. Daisy Mathur Jain, Reema Khurana. 2016. A framework to study vendors’ contribution in a client vendor relationship in information technology service outsourcing in India. Benchmarking: An International Journal 23:2, 338-358. [Abstract] [Full Text] [PDF]
5. S.J. Gorane, Ravi Kant. 2013. Modelling the SCM enablers: an integrated ISM‐fuzzy MICMAC approach. Asia Pacific Journal of Marketing and Logistics 25:2, 263-286. [Abstract] [Full Text] [PDF]
6. Daisy Mathur Jain, Reema Khurana. 2013. Need for sustainable global business model in software outsourcing. Business Process Management Journal 19:1, 54-69. [Abstract] [Full Text] [PDF]
7. Gurpreet Dhillon, Romilla Chowdhuri, Filipe de Sá-Soares. Secure Outsourcing: An Investigation of the Fit between Clients and Providers 405-418. [Crossref]
8. Jonna Järveläinen. 2012. Information security and business continuity management in interorganizational IT relationships. Information Management & Computer Security 20:5, 332-349. [Abstract] [Full Text] [PDF]
9. Guido Nassimbeni, Marco Sartor, Daiana Dus. 2012. Security risks in service offshoring and outsourcing. Industrial Management & Data Systems 112:3, 405-440. [Abstract] [Full Text] [PDF]
10. Theera Erawan, Donyaprueth Krairit, Do Ba Khang. 2011. Tourists' external information search behavior model: the case of Thailand. Journal of Modelling in Management 6:3, 297-316. [Abstract] [Full Text] [PDF]
11. L. Turulja, N. Bajgoric. Business Continuity and Information Systems 60-87. [Crossref]
D ow
nl oa
de d
by W
al de
n U
ni ve
rs it
y A
t 19
:0 7
11 M
ar ch
2 01
8 (P
T )