Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Outsourcing information security

Simon Burson | Jan. 20, 2010
The unfamiliar territory and complexity of security often results in a typical human response: make it someone elses problem

When signing outsourcing agreements, security should be considered before signing on the dotted line.

Deciding factors

Components of security can be delivered effectively by outsource partners, but it takes more than hoping for the best. Outsourcing security components, like any other business decision, should consider the whole impact. One needs to complete due diligence, the risks need to be managed, mitigations implemented and of course assurance controls built in. While it is easy to blame security firms for the distressing state of most companies, the reality is the blame lies a lot closer. Individuals need to demand security from suppliers and take responsibility for delivering it in the areas they control.

Simon Burson is an information security consultant. He has delivered policies, operating models, architectures and solutions in both internal and customer facing security roles. Email him at


Previous Page  1  2  3  4  5  6  7 

Sign up for Computerworld eNewsletters.