The InformationWeek -- Blogs
Outsource Security Carefully, And Carry A Big Audit Plan


Posted by Alice LaPlante, Dec 15, 2006 03:51 PM

Are IT managers desperate if they outsource security?

That’s the provocative question Larry Greenemeier asks in today’s issue of InformationWeek. His conclusion? A resolute no. In fact, hiring an independent service provider might just be your best bet for staying safe in the midst of rising threats from malware, hackers, and internal saboteurs.


It’s a good question, though. After all, handing over the job of keeping your all-important networks, systems, and data safe can seem like an act of last resort, acknowledging—as Greenemeier points out—that the job is simply too much for you. Yet isn’t it better to make such an acknowledgement and seek appropriate help rather than denying evidence that you may be putting your organization at risk?

Still, outsourcing shouldn’t be done casually or without stepping exceedingly carefully through the vendor selection process. Greenemeier outlines the minimal actions you must take in this regard.

One thing he doesn’t mention, however, should be at the top of any IT professional’s list: active risk management of vendors using independent third-party auditors. And a just-released study by Ernst & Young indicates that IT managers are woefully unprepared when it comes to protecting themselves against incompetent, unskilled, or generally ineffectual third-party security service providers. Only 14 percent of the 1,200 global IT professionals surveyed have formal security risk management procedures in place that are properly validated by auditors. And let’s face it: independent auditing of vendor effectiveness is the single best—perhaps the only—way to sleep at night when outsourcing something as important as security.

Indeed, although 60 percent of the survey participants who had outsourced information security activities already--or who were planning to do so--said they were doing it to focus valuable IT resources on other key areas, most were “overwhelmingly emphatic” about their determination not to outsource security functions because of the risks involved.

What do you think? Have you outsourced all or part of your security activities? Why or why not? Let me know what you think by responding below.
