Outsourcing Information Security

Description

CONTENTS

Outsourcing and Information Security - First - Some Definitions. Second - A Clarification. Y2K as a Turning Point. The Post Y2K Outsourcing Speed Bump. Shaky Managed Security Services Providers. A Prognosis. The Information Security Market.

Information Security Risks - Threats. Vulnerabilities. Summary.

Justifying Outsourcing - Professed Reasons to Outsource. The Basis for Decision. Reasons for Considering Outsourcing. Summary.

Risks of Outsourcing - Loss of Control. Viability of Service Providers. Relative Size of Customer. Quality of Service. The Issue of Trust. Performance of Applications and Services. Lack of Expertise. "Hidden" and Uncertain Costs. Limited or No Customization and Enhancements. Knowledge Transfer. Shared Environments. Legal and Regulatory Matters. Summary and Conclusion.

Categorizing Costs and Benefits - Structured, Unbiased Analysis The Ideal. Costs and Benefits.

Costs and Benefits Throughout the Evaluation Process - Triggering the Process. Different Strokes. Analysis of Costs and Benefits. Costs to the Customer. Costs to the Service Providers. Benefits to the Customer. Benefits to the Service Providers. Refining the Statement of Work. Service Level Agreement. Implementation. Transition Phase. Transferring form In-House to Out-of-House. Monitoring, Reporting and Review. Dispute Resolution. Incident Response, Recovery and Testing. Extrication. Conclusion.

The Outsourcing Evaluation Process - Customer and Outsourcer Requirements--Including All Costs. Structure of the Chapter. The Gathering of Requirements. Business Requirements. Viability of the Service Provider. Marketplace and Busyness Prospects. Technology Requirements.

Outsourcing Security Functions and Security Considerations when Outsourcing - Security Management Practices. Asset Classification and Control. Information Security Policy. Access Control and Identity Protection. Application and System Development. Operations Security and Operational Risk. Security Models and Architecture. Physical and Environmental Security. Telecommunications and Network Security. Cryptography. Disaster Recovery and Business Continuity. Law, Investigations, Ethics. Summary.

Summary of the Outsourcing Process Soup to Nuts.

Appendix A - Candidate Security Services for Outsourcing.

Appendix B - A Brief History of IT Outsourcing.

Appendix C - A Brief History of Information Security.

Selected Bibliography. Index.