[
Aldya, A. P., Sutikno, S., & Rosmansyah, Y. (2019). Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard. IOP Conference Series: Materials Science and Engineering, 550(1). https://doi.org/10.1088/1757-899X/550/1/012020
]Search in Google Scholar
[
Atkinson, M. A., Bayazit, O., & Karpak, B. (2015). A case study using the Analytic Hierarchy Process for IT outsourcing decision making. International Journal of Information Systems and Supply Chain Management, 8(1), 60–84. https://doi.org/10.4018/ijisscm.2015010104
]Search in Google Scholar
[
Atmojo, T. A., Prabowo, H., So, I. G., & Abdinagoro, S. B. (2019). Improving information security performance: the role of management support and security operation center. International Journal of Recent Technology and Engineering, 8(2), 4880–4886. https://doi.org/10.35940/ijrte.B3653.078219
]Search in Google Scholar
[
Beckers, K., Côté, I., Faßbender, S., Heisel, M., & Hofbauer, S. (2013). A pattern-based method for establishing a cloud-specific information security management system: Establishing information security management systems for clouds considering security, privacy, and legal compliance. Requirements Engineering, 18(4), 343–395. https://doi.org/10.1007/s00766-013-0174-7
]Search in Google Scholar
[
Beybutov, E. (2009). Managing of information security with outsource service provider. In International Siberian Conference on Control and Communications, SIBCON-2009, (pp. 62–66). Tomsk, Russia: IEEE10.1109/SIBCON.2009.5044831
]Search in Google Scholar
[
Bojanc, R., Jerman-Blažič, B., & Tekavčič, M. (2012). Managing the investment in information security technology by use of a quantitative modeling. Information Processing and Management, 48(6), 1031–1052. https://doi.org/10.1016/j.ipm.2012.01.001
]Search in Google Scholar
[
Božičević, J., Lovrić, I., Bartulović, D., Steiner, S., Roso, V., & Škrinjar, J. P. (2021). Determining optimal dry port location for seaport Rijeka using AHP decision-making methodology. Sustainability (Switzerland), 13(11). https://doi.org/10.3390/su13116471
]Search in Google Scholar
[
Cezar, A., Cavusoglu, H., & Raghunathan, S. (2016). Sourcing Information Security Operations: The Role of Risk Interdependency and Competitive Externality in Outsourcing Decisions. Production and Operations Management, 26(5), 860–879. https://doi.org/10.1111/ijlh.12426
]Search in Google Scholar
[
Chu, A. M. Y., & So, M. K. P. (2020). Organizational information security management for sustainable information systems: An unethical employee information security behavior perspective. Sustainability (Switzerland), 12(8), 1–25. https://doi.org/10.3390/SU12083163
]Search in Google Scholar
[
Cisco. (2018). Annual Cybersecurity Report (pp. 1-68). Retrieved from: https://www.cisco.com/c/dam/m/hu_hu/campaigns/security-hub/pdf/acr-2018.pdf
]Search in Google Scholar
[
Clement, J. (2020). Amount of monetary damage caused by reported cyber crime to the IC3 from 2001 to 2019. Retrieved from: https://www.statista.com/statistics/267132/total-damage-caused-by-by-cyber-crime-in-the-us/
]Search in Google Scholar
[
Cybersecurity Insiders. (2018). Managed Security Report. Retrieved from: https://www.cybersecurity-insiders.com/download-reports/
]Search in Google Scholar
[
Dibbern, J., Goles, T., Hirschheim, R., & Jayatilaka, B. (2004). Information Systems Outsourcing: A Survey and Analysis of the Literature. The Data Base for Advances in Information Systems, 35(4), 6–102. https://doi.org/10.1145/1035233.1035236
]Search in Google Scholar
[
Eduardovich, D. V., & Vladimirovich, Y. A. (2016). Reputation risks through information security incidents. In Proceedings of the 2016 IEEE North West Russia Section Young Researchers in Electrical and Electronic Engineering Conference, EIConRusNW 2016, (pp. 194–198). St. Petersburg, Russia; St. Petersburg Electrotechnical University.10.1109/EIConRusNW.2016.7448152
]Search in Google Scholar
[
Faisal, M. N., & Raza, S. A. (2016). IT outsourcing intent in academic institutions in GCC countries: An empirical investigation and multi-criteria decision model for vendor selection. Journal of Enterprise Information Management, 29(3), 432–453. https://doi.org/10.1108/JEIM-05-2015-0042
]Search in Google Scholar
[
Feng, N., & Chen, B. (2017). An Integrated Strategy for Information Security: Outsourcing and In-house. In E. Qi, J. Shen & R. Dou (Eds.), Proceedings of the 23rd International Conference on Industrial Engineering and Engineering Management 2016, (pp. 305–309). Bali, Indonesia: Atlantic Press.10.2991/978-94-6239-255-7_55
]Search in Google Scholar
[
Feng, N., Chen, Y., Feng, H., Li, D., & Li, M. (2019). To outsource or not: The impact of information leakage risk on information security strategy. Information and Management, 57(5). https://doi.org/10.1016/j.im.2019.103215
]Search in Google Scholar
[
Feng, N., Wang, M., Li, M., & Li, D. (2019b). Effect of security investment strategy on the business value of managed security service providers. Electronic Commerce Research and Applications, 35(March), 100843. https://doi.org/10.1016/j.elerap.2019.100843
]Search in Google Scholar
[
Fenn, C., Shooter, R., & Allan, K. (2002). IT security outsourcing: How safe is your IT security? Computer Law and Security Report, 18(2), 109–111. https://doi.org/10.1016/S0267-3649(02)03009-1
]Search in Google Scholar
[
Fusiripong, P., Baharom, F., & Yusof, Y. (2020). Analytic hierarchy process with firefly algorithm for supplier selection in IT project outsourcing. Journal of Theoretical and Applied Information Technology, 98(8), 1255–1269.
]Search in Google Scholar
[
Georg, L. (2017). Information security governance: pending legal responsibilities of non-executive boards. Journal of Management and Governance, 21(4), 793–814. https://doi.org/10.1007/s10997-016-9358-0
]Search in Google Scholar
[
Goepel, K. D. (2018). Implementation of an Online Software Tool for the Analytic Hierarchy Process (AHPOS). Journal of the Analytic Hierarchy Process, 10(3), 469–487. https://doi.org/10.13033/ijahp.v10i3.590
]Search in Google Scholar
[
Gulla, U., & Gupta, M. P. (2011). Deciding the level of information systems outsourcing: Proposing a framework and validation with three Indian banks. Journal of Enterprise Information Management, 25(1), 28–59. https://doi.org/10.1108/17410391211192152
]Search in Google Scholar
[
Harker, P. T., & Vargas, L. G. (1987). Theory of Ratio Scale Estimation: Saaty’s Analytic Hierarchy Process. Management Science, 33(1), 1383–1403. https://doi.org/10.1287/mnsc.33.11.1383
]Search in Google Scholar
[
He, M. X., & An, X. (2016). Information security risk assessment based on analytic hierarchy process. Indonesian Journal of Electrical Engineering and Computer Science, 1(3), 656–664. https://doi.org/10.11591/ijeecs.v1.i3.pp656-664
]Search in Google Scholar
[
Ishizaka, A., & Siraj, S. (2018). Are multi-criteria decision-making tools useful? An experimental comparative study of three methods. European Journal of Operational Research, 264(2), 462–471. https://doi.org/10.1016/j.ejor.2017.05.041
]Search in Google Scholar
[
Jain, R. K., & Natarajan, R. (2011). Factors influencing the outsourcing decisions: A study of the banking sector in India. Strategic Outsourcing: An International Journal, 4(3), 294–322. https://doi.org/10.1108/17538291111185485
]Search in Google Scholar
[
Kabir, G., Sadiq, R., & Tesfamariam, S. (2014). A review of multi-criteria decision-making methods for infrastructure management. Structure and Infrastructure Engineering, 10(9), 1176-1210. https://doi.org/10.1080/15732479.2013.795978
]Search in Google Scholar
[
Karyda, M., Mitrou, E., & Quirchmayr, G. (2006). A framework for outsourcing IS/IT security services. Information Management & Computer Security, 14(5), 403–416. https://doi.org/10.1108/09685220610707421
]Search in Google Scholar
[
Khan, G. M., Khan, S. U., Khan, H. U., & Ilyas, M. (2022). Challenges and practices identification in complex outsourcing relationships: A systematic literature review. PLoS ONE, 17(January). https://doi.org/10.1371/journal.pone.0262710
]Search in Google Scholar
[
Ključnikov, A., Mura, L., & Sklenár, D. (2019). Information security management in SMEs: Factors of success. Entrepreneurship and Sustainability Issues, 6(4), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37)
]Search in Google Scholar
[
Lacity, M. C., & Willcocks, L. P. (2013). Legal process outsourcing: the provider landscape. Strategic Outsourcing: An International Journal, 6(2), 167–183. https://doi.org/10.1108/SO-11-2012-0021
]Search in Google Scholar
[
Leszczyna, R., & Litwin, A. (2020). Estimating the Cost of Cybersecurity Activities with CAsPeA: A Case Study and Comparative Analysis. In S. Kanhere, In T. Patil, S. Sural, & M. S. Gaur (Eds.), 16th International Conference on Information Systems Security, ICISS 2020, (pp. 267–287). Springer.10.1007/978-3-030-65610-2_17
]Search in Google Scholar
[
Liu, C. W., Huang, P., & Lucas, H. C. (2018). IT Centralization, Security Outsourcing, and Cybersecurity Breaches: Evidence from the U.S. Higher Education. In Y. J. Kim, R. Agarawal & J. K. Lee (Eds.), ICIS 2017: Transforming Society with Digital Innovation, (pp. 1–18). Seul, South Korea: Association for Information Systems.10.2139/ssrn.2850178
]Search in Google Scholar
[
Marcikić, A., & Radovanov, B. (2011). A Decision Model for Outsourcing Business Activities. International Symposium Engineering Management and Competitiveness, 69–74.
]Search in Google Scholar
[
MarketsAndMarkets. (2020). Managed Security Services Market by Type (Managed IAM, Antivirus/Antimal-ware, SIEM, and UTM), Deployment Mode, Organization Size, Vertical (BFSI, Government, Retail, Healthcare, Telecom, Utilities, and Manufacturing), and Region - Global Forecast to 2025. Retrieved from: https://www.marketsandmarkets.com/Market-Reports/managed-security-services-market-5918403.html
]Search in Google Scholar
[
Moisiadis, F. (1999). Case Study on the Use of Scaling Methods for Prioritising Requirements. INCOSE International Symposium, 9(1), 1451–1457.10.1002/j.2334-5837.1999.tb00329.x
]Search in Google Scholar
[
Pakpahan, J., Eryadi, R. A., Budiman, A., Sunandar, N., Syahid, L. M., & Shihab, M. R. (2021). Critical Success Factors of IT Outsourcing in Indonesian Public Sectors: A Case Study at Employment Social Security Agency. ICOIACT 2021 - 4th International Conference on Information and Communications Technology: The Role of AI in Health and Social Revolution in Turbulence Era, (pp. 47–52). Online: IEEE.10.1109/ICOIACT53268.2021.9563920
]Search in Google Scholar
[
Ponemon Institute. (2019). The Cost of Third-Party Cybersecurity Risk Management. Retrieved from: https://www.cybergrx.com/resources/research-and-insights/ebooks-and-reports/the-cost-of-third-party-cybersecurity-risk-management
]Search in Google Scholar
[
Ponsard, C., Grandclaudon, J., & Dallons, G. (2018). Towards a cyber security label for SMEs: A european perspective. In P. Mori, S. Furnell & O. Camp (Eds.). ICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy, (pp. 426–431). Madeira, Portugal: Springer.10.5220/0006657604260431
]Search in Google Scholar
[
Popp, N., Jensen, J. A., McEvoy, C. D., & Weiner, J. F. (2020). An examination of the effects of outsourcing ticket sales force management. International Journal of Sports Marketing and Sponsorship, 21(2), 205–223.10.1108/IJSMS-04-2019-0046
]Search in Google Scholar
[
Prakash, S., Soni, G., Mittal, S., & Singh Rathore, A. P. (2014). Information Risks Modeling in e-business Supply Chain using AHP. In Recent Advances in Engineering and Computational Sciences (RAECS), (pp. 1-5). Chandigarh, India: IEEE.10.1109/RAECS.2014.6799634
]Search in Google Scholar
[
Rajaeian, M. M., Cater-Steel, A., & Lane, M. (2015). IT outsourcing decision factors in research and practice: A case study. In F. Burstein, H. Scheepers & G. Deegan (Eds.). ACIS 2015 Proceedings - 26th Australasian Conference on Information Systems, (pp. 1–12). Adelaide, Australia: University of South Australia.
]Search in Google Scholar
[
Ren, Z. J., & Zhou, Y. P. (2008). Call center outsourcing: Coordinating staffing level and service quality. Management Science, 54(2), 369–383. https://doi.org/10.1287/mnsc.1070.0820
]Search in Google Scholar
[
Russo, R. D. F. S. M., & Camanho, R. (2015). Criteria in AHP: A systematic review of literature. Information Technology and Quantitative Management, 55, 1123–1132. https://doi.org/10.1016/j.procs.2015.07.081
]Search in Google Scholar
[
Saaty, T. L. (1980). The Analytic Hierarchy Process. Mc-Graw Hill.10.21236/ADA214804
]Search in Google Scholar
[
Saaty, T. L. (1990). How to make a decision: The analytic hierarchy process. European Journal of Operational Research, 48(1), 9–26. https://doi.org/10.1016/0377-2217(90)90057-I
]Search in Google Scholar
[
Saaty, T. L., & Tran, L. T. (2007). On the invalidity of fuzzifying numerical judgments in the Analytic Hierarchy Process. Mathematical and Computer Modelling, 46(7–8), 962–975. https://doi.org/10.1016/j.mcm.2007.03.022
]Search in Google Scholar
[
Shahrasbi, A., Shamizanjani, M., Alavidoost, M. H., & Akhgar, B. (2017). An aggregated fuzzy model for the selection of a managed security service provider. International Journal of Information Technology and Decision Making, 16(3), 625–684. https://doi.org/10.1142/S0219622017500158
]Search in Google Scholar
[
Sung, W., & Kang, S. Y. (2017). An empirical study on the effect of information security activities: Focusing on technology, institution, and awareness. In C. C. Hinnant & O. Adegboyega (Eds.). ACM International Conference Proceeding Series, (pp. 84–93). New York, New York: Association for Computing Machinery.10.1145/3085228.3085242
]Search in Google Scholar
[
Wang, G., Qin, L., Li, G., & Chen, L. (2009). Landfill site selection using spatial information technologies and AHP: A case study in Beijing, China. Journal of Environmental Management, 90(8), 2414–2421. https://doi.org/10.1016/j.jenvman.2008.12.008
]Search in Google Scholar
[
Wang, J. J., Lin, Z. K., & Zhang, G. Q. (2008). A decision model for IS outsourcing based on AHP and ELECTREIII. In 2008 International Conference on Wireless Communications, Networking and Mobile Computing, WiCOM 2008, (pp. 1–4). Dalian, China: IEEE.10.1109/WiCom.2008.2763
]Search in Google Scholar
[
Wu, Y., Duan, J., Dai, T., & Cheng, D. (2020). Managing security outsourcing in the presence of strategic hackers. Decision Analysis, 17(3), 235–259. https://doi.org/10.1287/deca.2019.0406
]Search in Google Scholar
[
Wu, Y., Fung, R. Y. K., Feng, G., & Wang, N. (2017). Decisions making in information security outsourcing: Impact of complementary and substitutable firms. Computers and Industrial Engineering, 110, 1-12. https://doi.org/10.1016/j.cie.2017.05.018
]Search in Google Scholar
[
Zammani, M., Razali, R., & Singh, D. (2019). Factors contributing to the success of information security management implementation. International Journal of Advanced Computer Science and Applications, 10(11), 384–391. https://doi.org/10.14569/IJACSA.2019.0101153
]Search in Google Scholar
[
Zúñiga, A. R. R., & Jaatun, M. G. (2016). Passing the buck: Outsourcing incident response management. In Proceedings of 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015, (pp. 503–508). Vancouver, Canada: IEEE.
]Search in Google Scholar