This analysis by Rachel Nedved, Sean Lorello, and Shawn Wilde delves into the outsourcing of IT security services. It defines outsourcing as delegating specific IT security tasks to third-party firms for a predetermined period and cost. The paper discusses benefits such as cost reduction and enhanced service quality, alongside vital aspects like choosing secure providers and the importance of certifications. It highlights the Systems Development Life Cycle (SDLC) and outlines essential planning steps to ensure successful IT security outsourcing. Key security firms and their credentials are also reviewed.
SHOULD AN ORGANIZATION OUTSOURCE SECURITY? Analysis by Rachel Nedved, Sean Lorello and Shawn Wilde
Outsourcing Security What is it? • The delegation of specific work (namely IT Security) to a third party for a specified length of time, at a specified cost, and at a specified level of service. (Haag/Cummings, pg 294) Why do it? • Provide better service. • Reduce costs.
Outline: • The Systems Development Life Cycle and development of information systems • Choosing a secure provider of IT security • Availability of reliable IT security companies
(SDLC) Systems Development Life Cycle 1. Planning 2. Analysis 3. Design 4. Development 5. Testing 6. Implementation 7. Maintenance
1. Planning • Three steps to planning • Defining the system to be developed • Setting the project scope • And developing the project plans
2. Analysis 3. Design • Gather the business requirements • Prioritize the requirements • Design the technical architecture • Design the system model
4. Development 5. Testing • This is the point where one would need to identify that outsourcing would be needed for IT security • Where you build the technical architecture • Build the database and programs • Write the test conditions • Perform the testing of the system
6. Implementation 7. Maintenance • Write detailed user documentation • Provide training for the system users • Provide an environment to support system changes
In-House Development & IT Outsourcing Working Together • Give the outsourcer access to your system • Have your IT guys work alongside your outsourced IT people • Have an IT room in your company
Background Check • Important to run a background check on IT Security firms • Look for • BS7799 • Statement on Auditing Standards No. 70 • Others
Certification • IT companies and certification • Intertek • EMC • Savvis • Others
The Downside to Outsourcing IT • The IT company has complete access to all information and systems • They have the ability to steal important and strategic information • Stipulations must be included in the agreement to secure your company
IT Security Outsourcing Companies Major Companies • Perimeter • Symantec Other Companies • Cognizant • Wipro • IBM-ISS
Cognizant Reliable customer base: • Radio Shack • Citi Group • Nokia • Dish Network • Nestle http://www.cognizant.com
Wipro http://www.wipro.com Awards: • Wipro Technologies: Winner of Indian MAKE Award, 2008 • Wipro Wins International Institute for Software Testing’s Software Testing Best Practice Award • Wipro tops Global MAKE Award 2007 • Wipro wins Verizon’s 2006 Supplier Excellence Award • Wipro awarded HP’s Best Application Solution Implementation for creating world-class BTO service practice • Wipro and Nortel win Outsourcing Excellence Award • Wipro-only Indian company in the BusinessWeek’s IN25 “Champions of Innovation” list. • Wipro BPO Receives Prestigious ‘Outsourcing Excellence’ Award • Winner of Everest Group’s ‘Outsourcing Excellence’ Award • Named Indiatimes ‘BPO Company of the Year’ • Only Indian company to be ranked among the ‘Top 10 Global Outsourcing Providers’ in the IAOP-Fortune Global 100 listings
IBM-ISS Alliance Solutions: • Cisco • Genesys • Infor • Nortel • Novell • Oracle • Red Hat • SAP http://www.ibm.com/services/security
Summary • Proper planning is required (SDLC) to ensure the best result is attained. • Research the security company that you choose: • Ensure appropriate certifications • Make sure terms of agreement with the company are clear • Check references and credentials
Resources
"BS 7799 COMPLIANCE & BS7799 MANAGEMENT." 2002. C & A Systems Security. 30 Mar 2009 http://www.securitypolicy.co.uk/bs-7799/
Cognizant. (n.d.). Cognizant Technology Solutions. Retrieved March 30, 2009, from http://www.cognizant.com
Haag, S., & Cummings, M. (2008). Management Information Systems for the Information Age: XLMD_Production.xls. New York: McGraw-Hill.
IBM-ISS. (n.d.). IBM Alliance Solutions. Retrieved March 30, 2009, from IBM-ISS: http://www-03.ibm.com/solutions/alliance/us/index.html
"Our Services." Systems Certifications. 2007. Intertek. 30 Mar 2009 http://www.intertek-sc.com/our_services/?lang=en
"Savvis Completes Examination in Conformity with Statement on Auditing Standards No. 70 (SAS 70), Service Organizations." Press Release. 1 December 2008. Savvis. 30 Mar 2009 http://www.savvis.net/corp/News/Press+Releases/Archive/Savvis+Completes+Examination+in+Conformity+with+Statement+on+Auditing+Standards+No+70+Service+Organi.htm
"Support and Training." EMC2 Where Information Lives. 2009. EMC Corporation. 30 Mar 2009 http://www.emc.com/support-training/index.htm
Wipro. (n.d.). Enterprise Security Services. Retrieved March 30, 2009, from http://www.wipro.com/itservices/ess/index.htm