Title:
Outsourcing information security
Personal Author:
Publication Information:
Norwood, MA : Artech House, 2004
ISBN:
9781580535311

Available:

Item Barcode | Call Number | Material Type | Item Category 1
30000010082496 | QA76.9.A25 A93 2004 | Open Access Book | Book
30000010178926 | QA76.9.A25 A93 2004 | Open Access Book | Book
30000010219376 | QA76.9.A25 A93 2004 | Open Access Book | Book

Summary

This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions. Moreover, it enables you to determine which information security functions should be performed by a third party, better manage third-party relationships, and ensure that any functions handed over to a third party meet good security standards.


Table of Contents

Foreword
Preface
Acknowledgments
1 Outsourcing and Information Security
First ... Some Definitions
Second ... A Clarification
Y2K as a Turning Point
The Post Y2K Outsourcing Speed Bump
Shaky Managed Security Services Providers
A Prognosis
The Information Security Market
References
2 Information Security Risks
Threats
From Internal Source
From External Sources
Review of Threats
Vulnerabilities
Computer Systems and Networks
Software Development
Systemic Risks
Operational Risk
Operator and Administrator Risk
Complexity Risk
Life-Cycle Risk
Risks of Obsolescence
Vendor Viability Risk
Risk of Poor Quality Support
Conversion Risk
Risk of Dependency on Key Individuals
Summary
References
3 Justifying Outsourcing
Professed Reasons to Outsource
The Basis for Decision
Reasons for Considering Outsourcing
Cost Savings
Performance
Security
Expertise
Computer Applications
Support
Financial Arrangements
Summary
The Other Side of the Outsourcing Decision
References
4 Risks of Outsourcing
Loss of Control
Viability of Service Providers
Reasons for Abandoning Service
Relative Size of Customer
Quality of Service
Tangibles
Reliability
Responsiveness
Assurance
Empathy
Definitions
The Issue of Trust
Performance of Applications and Services
Lack of Expertise
Hidden and Uncertain Costs
Limited Customization and Enhancements
Knowledge Transfer
Shared Environments
Legal and Regulatory Matters
Summary and Conclusion
References
5 Categorizing Costs and Benefits
Structured, Unbiased Analysis--The Ideal
Costs and Benefits
Tangible Versus Intangible Costs and Benefits
Objective Versus Subjective Costs and Benefits
Direct Versus Indirect Costs and Benefits
Controllable Versus Noncontrollable Costs and Benefits
Certain Versus Probabilistic Costs and Benefits
Fixed Versus Variable Costs and Benefits
One-Time Versus Ongoing Costs and Benefits
Tangible-Objective-Direct Costs and Benefits
Tangible-Objective-Indirect Costs and Benefits
Tangible-Subjective-Direct Costs and Benefits
Tangible-Subjective-Indirect Costs and Benefits
Intangible-Objective-Direct Costs and Benefits
Intangible-Objective-Indirect Costs and Benefits
Intangible-Subjective-Direct Costs and Benefits
Intangible-Subjective-Indirect Costs and Benefits
Next Chapter
Reference
6 Costs and Benefits Throughout the Evaluation Process
Triggering the Process
Different Strokes
Analysis of Costs and Benefits
The Evaluation Process
Requests for Information and Proposals--Costs
Costs to the Customer
Costs to the Service Providers
Requests for Information/Proposal--Benefits
Benefits to the Customer
Benefits to the Service Providers
Refining the Statement of Work (SOW)
Service Level Agreement (SLA)
Implementation
Transition Phase
Transferring from In-House to Out-of-House
Monitoring, Reporting, and Review
Dispute Resolution
Incident Response, Recovery, and Testing
Extrication
Summary
References
7 The Outsourcing Evaluation Process--Customer and Outsourcer Requirements
Investment Evaluation Methods
Including All Costs
Structure of the Chapter
The Gathering of Requirements
Business Requirements
Viability of Service Provider
Financial Analysis
Marketplace and Business Prospects
Health of the Economy
Marketplace Matters
Competitive Environment
Structure of the Business
Nature of the Business
Relative Sizes of Organizations
Service Requirements
Meeting Expectations
Concentration and Dispersion of Business Operations and Functions
Customer View of Satisfactory Service
Technology Requirements
The "Bleeding" Edge
References
8 Outsourcing Security Functions and Security Considerations When Outsourcing
Security Management Practices
Security Organization
Personnel Security
Other Human-Related Concerns of the Company
Ameliorating the Concerns of Workers
Asset Classification and Control
Information Security Policy
Adopt Customer Policy
Adopt Service Provider's Policy
Evaluate Responses to Due-Diligence Questionnaire
Enforcement and Compliance
Access Control and Identity Protection
Application and System Development
Operations Security and Operational Risk
Security Models and Architecture
Security Services--Framework
Security Infrastructure
Security Management and Control
Framework
Application to Service Providers
Physical and Environmental Security
Telecommunications and Network Security
Cryptography
Disaster Recovery and Business Continuity
Business Impact Analysis
Planning
Implementation and Testing
Legal Action
Summary
References
9 Summary of the Outsourcing Process--Soup to Nuts
Appendix A Candidate Security Services for Outsourcing
Appendix B A Brief History of IT Outsourcing
The Early Days
Remote Job Entry
Time-Sharing
Distributed Systems
Personal Computers and Workstations
The Advent of Big-Time Outsourcing
The Move Offshore
And Now Security
Networked Systems and the Internet
The Brave New World of Service Providers
The Electronic Commerce Model
Portals, Aggregation, and Web Services
Straight-Through Processing (STP) and Grid Computing
Mobile Computing
References
Appendix C A Brief History of Information Security
The Mainframe Era
Isolated Data Centers
Remote Access
Distributed Systems
Minicomputers
Client-Server Architecture
The Wild World of the Web
The Wireless Revolution
Where IT Outsourcing and Security Meet
References
Selected Bibliography
Annotated References and Resources
Books
Newspapers, Journals, and Magazines
Computer-Related Publications
Security Publications
Business and Business/Technology Publications
Web-Based Resources
Web-Based Resources Related to Specific Publications
Conferences and Seminars
Publications from Professional Associations and Academic Institutions
Government Sources: Legal and Regulatory
Vendors and Service Providers
Education and Certification
About the Author
Index