{"id":"https://openalex.org/W7087694207","doi":"https://doi.org/10.18420/inf2025_123","title":"A Review of Theoretical Perspectives on Information Security Risks in IT Outsourcing","display_name":"A Review of Theoretical Perspectives on Information Security Risks in IT Outsourcing","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W7087694207","doi":"https://doi.org/10.18420/inf2025_123"},"language":"en","primary_location":{"id":"doi:10.18420/inf2025_123","is_oa":true,"landing_page_url":"https://doi.org/10.18420/inf2025_123","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article-journal"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.18420/inf2025_123","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Golz, Tobias","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Golz, Tobias","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Winkler, Till J.","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Winkler, Till J.","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.67074354,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T11912","display_name":"Outsourcing and Supply Chain Management","score":0.4934000074863434,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11912","display_name":"Outsourcing and Supply Chain Management","score":0.4934000074863434,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.313400000333786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11864","display_name":"Supply Chain Resilience and Risk Management","score":0.03830000013113022,"subfield":{"id":"https://openalex.org/subfields/1408","display_name":"Strategy and Management"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/outsourcing","display_name":"Outsourcing","score":0.7182999849319458},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5511999726295471},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.4812999963760376},{"id":"https://openalex.org/keywords/thematic-analysis","display_name":"Thematic analysis","score":0.4147999882698059},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.3808000087738037},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.3702000081539154},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.3605000078678131}],"concepts":[{"id":"https://openalex.org/C46934059","wikidata":"https://www.wikidata.org/wiki/Q61515","display_name":"Outsourcing","level":2,"score":0.7182999849319458},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5511999726295471},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.536300003528595},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5060999989509583},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.4812999963760376},{"id":"https://openalex.org/C74196892","wikidata":"https://www.wikidata.org/wiki/Q7781188","display_name":"Thematic analysis","level":3,"score":0.4147999882698059},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.3808000087738037},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.3702000081539154},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.3605000078678131},{"id":"https://openalex.org/C14224292","wikidata":"https://www.wikidata.org/wiki/Q13600188","display_name":"Conceptual framework","level":2,"score":0.33480000495910645},{"id":"https://openalex.org/C13606891","wikidata":"https://www.wikidata.org/wiki/Q2623243","display_name":"Conceptual model","level":2,"score":0.32760000228881836},{"id":"https://openalex.org/C162118730","wikidata":"https://www.wikidata.org/wiki/Q1128453","display_name":"Actuarial science","level":1,"score":0.32710000872612},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.32269999384880066},{"id":"https://openalex.org/C119982944","wikidata":"https://www.wikidata.org/wiki/Q1394203","display_name":"Information economics","level":2,"score":0.3091999888420105},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.29829999804496765},{"id":"https://openalex.org/C121017731","wikidata":"https://www.wikidata.org/wiki/Q11661","display_name":"Information technology","level":2,"score":0.2922999858856201},{"id":"https://openalex.org/C9272383","wikidata":"https://www.wikidata.org/wiki/Q5001930","display_name":"Business risks","level":2,"score":0.26649999618530273},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.26260000467300415},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.258899986743927},{"id":"https://openalex.org/C189708586","wikidata":"https://www.wikidata.org/wiki/Q1504425","display_name":"Systematic review","level":3,"score":0.251800000667572},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.18420/inf2025_123","is_oa":true,"landing_page_url":"https://doi.org/10.18420/inf2025_123","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"doi:10.18420/inf2025_123","is_oa":true,"landing_page_url":"https://doi.org/10.18420/inf2025_123","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article-journal"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.4400867521762848,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Information":[0],"security":[1,117],"risks":[2,21,53,58,118],"are":[3,22,59],"a":[4,40],"central":[5],"challenge":[6],"in":[7,25,54,119],"IT":[8,121],"outsourcing,":[9],"affecting":[10],"the":[11,36,49,73,113,120],"confidentiality,":[12],"integrity,":[13],"and":[14,44,85],"availability":[15],"of":[16,76,115],"critical":[17],"assets.":[18],"While":[19],"such":[20],"widely":[23],"discussed":[24],"practice-oriented":[26],"literature,":[27],"their":[28],"theoretical":[29],"foundations":[30],"remain":[31],"underexplored.":[32],"This":[33],"study":[34],"addresses":[35],"gap":[37],"by":[38],"combining":[39],"systematic":[41],"literature":[42],"review":[43],"thematic":[45],"analysis":[46,71],"to":[47,62,111],"identify":[48],"most":[50],"frequently":[51],"cited":[52],"academic":[55],"research.":[56],"These":[57],"then":[60],"mapped":[61],"established":[63],"theories":[64,101],"using":[65],"an":[66],"alternative":[67],"casing":[68],"approach.":[69],"The":[70,88],"assesses":[72],"explanatory":[74],"fit":[75],"each":[77],"identified":[78],"theory":[79,94],"based":[80],"on":[81],"cause\u2013consequence":[82],"logic,":[83],"centrality,":[84],"conceptual":[86],"relevance.":[87],"findings":[89],"show":[90],"that":[91],"no":[92],"single":[93],"sufficiently":[95],"explains":[96],"all":[97],"risks;":[98],"instead,":[99],"different":[100],"offer":[102],"complementary":[103],"perspectives.":[104],"A":[105],"multi-theoretical":[106],"approach":[107],"is":[108],"therefore":[109],"essential":[110],"capture":[112],"complexity":[114],"information":[116],"outsourcing":[122],"context.":[123]},"counts_by_year":[],"updated_date":"2025-11-06T06:51:31.235846","created_date":"2025-10-11T00:00:00"}