IT security outsourcing is the establishment of a contractual relationship with an outside vendor to assume responsibility for one or more security functions. The decision-making process associated with outsourcing security is complex. To improve the effectiveness of the decision-making process a conceptual model that integrates security benefits, costs and their respective performance measures will be developed. This model will support management in their aim of overseeing IT security effectively. The research will make a valuable contribution towards determining the impact of IT security outsourcing within Australia.