The increasing number of cyber-attacks requires an organizational awareness about the disruptive effects of fraud attempts and acts of vandalism on business continuity and, sometimes, on company survival. The context influences the way companies use and adapt these theories in practice, so we consider in this study differences in the effectiveness of cybersecurity best practices between organizations that manage internally or outsource the cybersecurity processes. We conducted a study involving 153 managers’ experts in cybersecurity who responded to a survey on the effectiveness of NIST procedures. Results revealed significant differences in the effectiveness of managing cybersecurity in-house or outsource it. Specifically, major differences can be observed in the variables related to the use of disciplinary processes, the protection of log information, and the use of lessons learned to improve recovery plans. These differences provide further insights for cybersecurity management literature and a practical instrument for organizations willing to adapt their cyber processes to their organizational context.
2022, Lecture Notes in Networks and Systems, Pages 17-31 (volume: 360 LNNS)
The Effectiveness of Outsourcing Cybersecurity Practices: A Study of the Italian Context (04b Atto di convegno in volume)
Annarelli A., Colabianchi S., Nonino F., Palombi G.
ISBN: 978-3-030-89911-0; 978-3-030-89912-7
Gruppo di ricerca: Industrial Organization and Management