Outsourcing Information Security
Published in October 2004
Book
Hardback
266 pages
978-1-58053-531-1 (ISBN)
Description
This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions. Moreover, it enables you to determine which information security functions should be performed by a third party, better manage third-party relationships, and ensure that any functions handed over to a third party meet good security standards. From discussions on the IT outsourcing marketplace and the pros and cons of the IT outsourcing decision process, to a look at IT and IS service provider relationships and trends affecting outsourcing, this essential reference provides insight into how organizations are addressing some of the more thorny issues of IT and security outsourcing.
More details
Edition
Unabridged edition
Language
English
Place of publication
Norwood
United States
Target group
Professional and scholarly
Edition type
Unabridged edition
ISBN-13
978-1-58053-531-1 (9781580535311)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Warren Axelrod
Outsourcing Information Security
E-Book
01/2003
1st Edition
Artech House
€87.49
Available for download
Person
C. Warren Axelrod is a director of the Pershing Division of Donaldson, Lufkin & Jenrette Securities Corporation, where he is responsible for global information security. He has been a senior information technology manager in the financial services industry and on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University and an M.A. in Economics and Statistics from Glasgow University.
Content
Foreword.; Preface e The Time Was Right. The Intent of the Book. Acknowledgements.; Outsourcing and Information Security e First - Some Definitions. Second - A Clarification. Y2K as a Turning Point. The Post Y2K Outsourcing Speed Bump. Shaky Managed Security Services Providers. A Prognosis. The Information Security Market.; Information Security Risks e Threats. Vulnerabilities. Summary.; Justifying Outsourcing e Professed Reasons to Outsource. The Basis for Decision. Reasons for Considering Outsourcing. Summary.; Risks of Outsourcing e Loss of Control. Viability of Service Providers. Relative Size of Customer. Quality of Service. The Issue of Trust. Performance of Applications and Services. Lack of Expertise. Hidden and Uncertain Costs. Limited or No Customization and Enhancements. Knowledge Transfer. Shared Environments. Legal and Regulatory Matters. Summary and Conclusion.; Categorizing Costs and Benefits e Structured, Unbiased Analysis ?ae The Ideal. Costs and Benefits.; Costs and Benefits Throughout the Evaluation Process e Triggering the Process. Different Strokes. Analysis of Costs and Benefits. Costs to the Customer. Costs to the Service Providers. Benefits to the Customer. Benefits to the Service Providers. Refining the Statement of Work. Service Level Agreement. Implementation. Transition Phase. Transferring form In-House to Out-of-House. Monitoring, Reporting and Review. Dispute Resolution. Incident Response, Recovery and Testing. Extrication. Conclusion.; The Outsourcing Evaluation Process e Customer and Outsourcer RequirementseeIncluding All Costs. Structure of the Chapter. The Gathering of Requirements. Business Requirements. Viability of the Service Provider. Marketplace and Busyness Prospects. Technology Requirements.; Outsourcing Security Functions and Security Considerations when Outsourcing e Security Management Practices. Asset Classification and Control. Information Security Policy. Access Control and Identity Protection. Application and System Development. Operations Security and Operational Risk. Security Models and Architecture. Physical and Environmental Security. Telecommunications and Network Security. Cryptography. Disaster Recovery and Business Continuity. Law, Investigations, Ethics. Summary.; Summary of the Outsourcing Process, Soup to Nuts.; Appendix A e Candidate Security Services for Outsourcing.; Appendix B e A Brief History of IT Outsourcing.; Appendix C e A Brief History of Information Security.; Selected Bibliography. Index.;