The increasing number of cyber-attacks requires an organizational awareness about the disruptive effects of fraud attempts and acts of vandalism on business continuity and, sometimes, on company survival. The context influences the way companies use and adapt these theories in practice, so we consider in this study differences in the effectiveness of cybersecurity best practices between organizations that manage internally or outsource the cybersecurity processes. We conducted a study involving 153 managers’ experts in cybersecurity who responded to a survey on the effectiveness of NIST procedures. Results revealed significant differences in the effectiveness of managing cybersecurity in-house or outsource it. Specifically, major differences can be observed in the variables related to the use of disciplinary processes, the protection of log information, and the use of lessons learned to improve recovery plans. These differences provide further insights for cybersecurity management literature and a practical instrument for organizations willing to adapt their cyber processes to their organizational context.
2022, Proceedings of the Future Technologies Conference (FTC) 2021, Pages 17-31 (volume: 360)
The Effectiveness of Outsourcing Cybersecurity Practices: A Study of the Italian Context (04b Atto di convegno in volume)
Annarelli Alessandro, Colabianchi Silvia, Nonino Fabio, Palombi Giulia
ISBN: 978-3-030-89911-0; 978-3-030-89912-7