Outsourcing information security / C. Warren Axelrod.

ISBN:

9781580539555

9781580535311

Title:

Outsourcing information security / C. Warren Axelrod.

Author:

Axelrod, C. Warren.

Personal Author:

Axelrod, C. Warren.

Publication Information:

Physical Description:

1 online resource (xxvi, 248 pages) : illustrations.

Series:

Artech House computer security series

Contents:

Outsourcing and Information Security -- Y2K as a Turning Point -- The Post Y2K Outsourcing Speed Bump -- Shaky Managed Security Services Providers -- A Prognosis -- The Information Security Market -- Information Security Risks -- Threats -- From Internal Source -- From External Sources -- Review of Threats -- Vulnerabilities -- Computer Systems and Networks -- Software Development -- Systemic Risks -- Operational Risk -- Operator and Administrator Risk -- Complexity Risk -- Life-Cycle Risk -- Risks of Obsolescence -- Vendor Viability Risk -- Risk of Poor Quality Support -- Conversion Risk -- Risk of Dependency on Key Individuals -- Justifying Outsourcing -- Professed Reasons to Outsource -- The Basis for Decision -- Reasons for Considering Outsourcing -- Cost Savings -- Performance -- Security -- Expertise -- Computer Applications -- Support -- Financial Arrangements -- The Other Side of the Outsourcing Decision -- Risks of Outsourcing -- Loss of Control -- Viability of Service Providers -- Reasons for Abandoning Service -- Relative Size of Customer -- Quality of Service -- Tangibles -- Reliability -- Responsiveness -- Assurance -- Empathy -- The Issue of Trust -- Performance of Applications and Services -- Lack of Expertise -- Hidden and Uncertain Costs -- Limited Customization and Enhancements -- Knowledge Transfer -- Shared Environments -- Legal and Regulatory Matters -- Categorizing Costs and Benefits -- Structured, Unbiased Analysis--The Ideal -- Costs and Benefits.

Local Note:

eBooks on EBSCOhost

Subject Term:

Computer networks -- Computer networks -- Security measures -- United States.

Computers -- Access control -- United States.

Data encryption (Computer science)

Format:

Electronic Resources

Electronic Access:

Click here to view

Publication Date:

2004

Publication Information:

Available:*

Shelf Number	Material Type	Copy	Shelf Location	Status
005.8 22	1:E-BOOK	1	1:ONLINE	Searching... Unknown

Bound With These Titles

On Order

Summary

This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

Foreword	p. xv
Preface	p. xix
Acknowledgments	p. xxv
1 Outsourcing and Information Security	p. 1
First ... Some Definitions	p. 2
Second ... A Clarification	p. 2
Y2K as a Turning Point	p. 3
The Post Y2K Outsourcing Speed Bump	p. 5
Shaky Managed Security Services Providers	p. 6
A Prognosis	p. 7
The Information Security Market	p. 8
References	p. 9
2 Information Security Risks	p. 11
Threats	p. 11
From Internal Source	p. 11
From External Sources	p. 13
Review of Threats	p. 16
Vulnerabilities	p. 17
Computer Systems and Networks	p. 17
Software Development	p. 17
Systemic Risks	p. 18
Operational Risk	p. 19
Operator and Administrator Risk	p. 20
Complexity Risk	p. 21
Life-Cycle Risk	p. 21
Risks of Obsolescence	p. 23
Vendor Viability Risk	p. 24
Risk of Poor Quality Support	p. 24
Conversion Risk	p. 24
Risk of Dependency on Key Individuals	p. 25
Summary	p. 25
References	p. 25
3 Justifying Outsourcing	p. 27
Professed Reasons to Outsource	p. 27
The Basis for Decision	p. 28
Reasons for Considering Outsourcing	p. 28
Cost Savings	p. 29
Performance	p. 35
Security	p. 37
Expertise	p. 40
Computer Applications	p. 41
Support	p. 43
Financial Arrangements	p. 45
Summary	p. 47
The Other Side of the Outsourcing Decision	p. 48
References	p. 48
4 Risks of Outsourcing	p. 49
Loss of Control	p. 49
Viability of Service Providers	p. 50
Reasons for Abandoning Service	p. 54
Relative Size of Customer	p. 55
Quality of Service	p. 56
Tangibles	p. 56
Reliability	p. 56
Responsiveness	p. 57
Assurance	p. 57
Empathy	p. 57
Definitions	p. 59
The Issue of Trust	p. 59
Performance of Applications and Services	p. 62
Lack of Expertise	p. 63
Hidden and Uncertain Costs	p. 63
Limited Customization and Enhancements	p. 66
Knowledge Transfer	p. 66
Shared Environments	p. 67
Legal and Regulatory Matters	p. 67
Summary and Conclusion	p. 68
References	p. 68
5 Categorizing Costs and Benefits	p. 71
Structured, Unbiased Analysis--The Ideal	p. 71
Costs and Benefits	p. 72
Tangible Versus Intangible Costs and Benefits	p. 72
Objective Versus Subjective Costs and Benefits	p. 72
Direct Versus Indirect Costs and Benefits	p. 73
Controllable Versus Noncontrollable Costs and Benefits	p. 73
Certain Versus Probabilistic Costs and Benefits	p. 73
Fixed Versus Variable Costs and Benefits	p. 73
One-Time Versus Ongoing Costs and Benefits	p. 74
Tangible-Objective-Direct Costs and Benefits	p. 75
Tangible-Objective-Indirect Costs and Benefits	p. 78
Tangible-Subjective-Direct Costs and Benefits	p. 81
Tangible-Subjective-Indirect Costs and Benefits	p. 81
Intangible-Objective-Direct Costs and Benefits	p. 82
Intangible-Objective-Indirect Costs and Benefits	p. 82
Intangible-Subjective-Direct Costs and Benefits	p. 83
Intangible-Subjective-Indirect Costs and Benefits	p. 83
Next Chapter	p. 83
Reference	p. 84
6 Costs and Benefits Throughout the Evaluation Process	p. 85
Triggering the Process	p. 85
Different Strokes	p. 87
Analysis of Costs and Benefits	p. 87
The Evaluation Process	p. 91
Requests for Information and Proposals--Costs	p. 94
Costs to the Customer	p. 95
Costs to the Service Providers	p. 96
Requests for Information/Proposal--Benefits	p. 96
Benefits to the Customer	p. 96
Benefits to the Service Providers	p. 98
Refining the Statement of Work (SOW)	p. 99
Service Level Agreement (SLA)	p. 100
Implementation	p. 101
Transition Phase	p. 101
Transferring from In-House to Out-of-House	p. 101
Monitoring, Reporting, and Review	p. 104
Dispute Resolution	p. 104
Incident Response, Recovery, and Testing	p. 105
Extrication	p. 105
Summary	p. 105
References	p. 106
7 The Outsourcing Evaluation Process--Customer and Outsourcer Requirements	p. 107
Investment Evaluation Methods	p. 107
Including All Costs	p. 109
Structure of the Chapter	p. 111
The Gathering of Requirements	p. 111
Business Requirements	p. 112
Viability of Service Provider	p. 116
Financial Analysis	p. 116
Marketplace and Business Prospects	p. 117
Health of the Economy	p. 118
Marketplace Matters	p. 118
Competitive Environment	p. 119
Structure of the Business	p. 120
Nature of the Business	p. 121
Relative Sizes of Organizations	p. 121
Service Requirements	p. 123
Meeting Expectations	p. 123
Concentration and Dispersion of Business Operations and Functions	p. 124
Customer View of Satisfactory Service	p. 126
Technology Requirements	p. 127
The "Bleeding" Edge	p. 127
References	p. 128
8 Outsourcing Security Functions and Security Considerations When Outsourcing	p. 131
Security Management Practices	p. 134
Security Organization	p. 134
Personnel Security	p. 136
Other Human-Related Concerns of the Company	p. 137
Ameliorating the Concerns of Workers	p. 140
Asset Classification and Control	p. 140
Information Security Policy	p. 146
Adopt Customer Policy	p. 147
Adopt Service Provider's Policy	p. 147
Evaluate Responses to Due-Diligence Questionnaire	p. 147
Enforcement and Compliance	p. 147
Access Control and Identity Protection	p. 149
Application and System Development	p. 151
Operations Security and Operational Risk	p. 152
Security Models and Architecture	p. 153
Security Services--Framework	p. 153
Security Infrastructure	p. 153
Security Management and Control	p. 154
Framework	p. 154
Application to Service Providers	p. 154
Physical and Environmental Security	p. 155
Telecommunications and Network Security	p. 156
Cryptography	p. 158
Disaster Recovery and Business Continuity	p. 159
Business Impact Analysis	p. 159
Planning	p. 159
Implementation and Testing	p. 159
Legal Action	p. 160
Summary	p. 160
References	p. 161
9 Summary of the Outsourcing Process--Soup to Nuts	p. 163
Appendix A Candidate Security Services for Outsourcing	p. 171
Appendix B A Brief History of IT Outsourcing	p. 181
The Early Days	p. 181
Remote Job Entry	p. 182
Time-Sharing	p. 184
Distributed Systems	p. 185
Personal Computers and Workstations	p. 186
The Advent of Big-Time Outsourcing	p. 187
The Move Offshore	p. 188
And Now Security	p. 189
Networked Systems and the Internet	p. 190
The Brave New World of Service Providers	p. 191
The Electronic Commerce Model	p. 191
Portals, Aggregation, and Web Services	p. 192
Straight-Through Processing (STP) and Grid Computing	p. 194
Mobile Computing	p. 194
References	p. 195
Appendix C A Brief History of Information Security	p. 197
The Mainframe Era	p. 197
Isolated Data Centers	p. 197
Remote Access	p. 198
Distributed Systems	p. 200
Minicomputers	p. 200
Client-Server Architecture	p. 201
The Wild World of the Web	p. 202
The Wireless Revolution	p. 205
Where IT Outsourcing and Security Meet	p. 205
References	p. 207
Selected Bibliography	p. 209
Annotated References and Resources	p. 209
Books	p. 210
Newspapers, Journals, and Magazines	p. 211
Computer-Related Publications	p. 211
Security Publications	p. 219
Business and Business/Technology Publications	p. 220
Web-Based Resources	p. 222
Web-Based Resources Related to Specific Publications	p. 225
Conferences and Seminars	p. 226
Publications from Professional Associations and Academic Institutions	p. 228
Government Sources: Legal and Regulatory	p. 229
Vendors and Service Providers	p. 231
Education and Certification	p. 232
About the Author	p. 235
Index	p. 237

Available:*

Bound With These Titles

On Order

Summary

Summary

Table of Contents