CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


College of Engineering and Computing


Gurvirender P. Tejay

Committee Member

Ling Wang

Committee Member

Laurie Dringus


The purpose of this research was to identify key determinants of service provider effectiveness and how it impacts outsourced security success. As environments have become more robust and dynamic, many organizations have made the decision to leverage external security expertise and have outsourced many of their information technology security functions to Managed Security Service Providers (MSSPs).

Information Systems Outsourcing, at its core, is when a customer chooses to outsource certain information technology functions or services to a service provider and engages in a legally binding agreement. While legal contracts govern many aspects of an outsourcing arrangement, it cannot serve as the sole source of determining the outcome of a project. Organizations are viewing outsourcing success as an attainment of net benefits achieved through the use of a service provider. The effectiveness of the service provider has an impact on a company’s ability to meet business objectives and adhere to service level agreements. Many empirical studies have focused on outsourcing success, but few have focused on service provider effectiveness, which can serve as a catalyst to outsourcing success.

For this research, Agency Theory (AT) was proposed as a foundation for developing the research model which included key areas of focus in information asymmetry, the outsourcing contract, moral hazard, trust, service provider effectiveness, and security outsourcing success. Agency Theory helped uncover several hypotheses deemed germane to service provider effectiveness and provided insight into helping understand the principal-agent paradigm that exists with security outsourcing. Confirmatory Factor Analysis (CFA) and Partial Least Squares-Structured Equation Modeling (PLS-SEM) were used with SmartPLS to analyze the data and provided clarity and validation for the research model and helped uncover key determinants of service provider effectiveness.

The statistical results showed support for information asymmetry, contract, and trust, all of which were mediated through service provider effectiveness. The results also showed that service provider effectiveness is directly correlated to increasing security outsourcing success. This concluded that the research model showed significant results to support 4 of the 5 hypotheses proposed and helped uncover key findings on how security outsourcing success can be impacted. This research served as an original contribution to information security while viewing outsourcing success from the perspective of the client, security services, and customer expectations.