CHAPTER 68

OUTSOURCING AND SECURITY

Kip Boyle, Michael Buglewicz, and Steven Lovaas

68.1 INTRODUCTION

68.1.1 Definitions

68.1.2 Distinctions

68.1.3 Insourcing

68.1.4 Nearshoring

68.1.5 Offshoring

68.2 WHY OUTSOURCE?

68.2.1 Effectiveness versus Efficiency

68.2.2 Being Effective

68.2.3 Being Efficient

68.3 CAN OUTSOURCING FAIL?

68.3.1 Why Does Outsourcing Fail?

68.3.2 Universal Nature of Risk

68.3.3 Clarity of Purpose and Intent

68.3.4 Price

68.3.5 Social Culture

68.3.6 International Economics

68.3.7 Political Issues

68.3.8 Environmental Factors

68.3.9 Travel

68.3.10 Labor

68.3.11 Additional Risks

68.4 CONTROLLING THE RISKS

68.4.1 Controls on What?

68.4.2 Controlling Outsourcing Risk

68.4.3 Availability Controls

68.4.4 Utility Controls

68.4.5 Integrity and Authenticity Controls

68.4.6 Confidentiality and Possession Controls

68.4.7 Making the Best of Outsourcing

68.5 OUTSOURCING SECURITY FUNCTIONS

68.5.1 Who Outsources Security?

68.5.2 Why Do Organizations Outsource Security?

68.5.3 What Are the Risks of Outsourcing Security?

68.5.4 How to Outsource Security Functions

68.5.5 Controlling the Risk of Security Outsourcing

68.6 CONCLUDING REMARKS

68.7 FURTHER READING

68.8 NOTES

68.1 INTRODUCTION.

The term “outsourcing” has come to identify several distinct concepts, each requiring a different risk management strategy. In this chapter, we examine today's practice of outsourcing and the effects and considerations it has, or should have, on the work of information assurance professionals. ...