Creating an effective security risk model for outsourcing decisions

ISSN： 1358-3948

Source： BT Technology Journal, Vol.25, Iss.1, 2007-01, pp. : 79-87

Disclaimer: Any content in publications that violate the sovereignty, the constitution or regulations of the PRC is not accepted or approved by CNPIEC.

Previous Menu Next

Abstract

Globalisation has had a fundamental impact on the way that business is conducted and approaches to sourcing work have evolved. Outsourcing is here to stay and the proportion of worldwide spend in this market-place will continue to rise.BT's security community has successfully introduced a new risk model and supporting process to identify the key risk factors applicable to outsourcing, namely, specific environmental conditions, the number of third party personnel involved in the contract and the level of `trust' given to these personnel. The importance of protective monitoring and audit regimes is highlighted from both a compliance and assurance perspective — and is being used to create effective engagement with outsourcing partners to raise security thresholds and discuss security issues. Globalisation, coupled with the requirement for more open networks, will continue to increase in the future and result in corporate infrastructure fragmentation and the breaking down of traditional boundaries. At the same time, approaches to security must also evolve — moving the focus from the infrastructure to the client, application and eventually the data level.