1 / 19

Information Security considerations for Outsourced ICT Services

Information Security considerations for Outsourced ICT Services. Badru Ntege Group CEO NFT Consult. What is Outsourcing?. Outsourcing - “the strategic use of outside resources to perform activities traditionally handled by internal staff and resources” Dave Griffiths Why Outsource?

montana-serrano
Download Presentation

Information Security considerations for Outsourced ICT Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security considerations for Outsourced ICT Services Badru Ntege Group CEO NFT Consult

  2. What is Outsourcing? • Outsourcing - • “the strategic use of outside resources to perform activities traditionally handled by internal staff and resources” Dave Griffiths • Why Outsource? • Provide services that are scalable, secure, and efficient, while improving overall service and reducing costs

  3. international corporation of the future will need to consider security as more of a "customer service" and "profit protection" entity rather than a necessary evil. In the long run, should they fail to do so, they will lose the trust of their customer (who in the end) is the one who dictates their future Ted Richardson wrote in his blog

  4. Wickipedia • Security is the degree of protection to safeguard a nation, union of nations, persons or person against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition.

  5. Business process outsourcing (BPO) or ITES is a subset of outsourcing that involves the contracting of the operations and responsibilities of specific business functions (or processes) to a third-party service provider

  6. Components of Security • People • Systems • Technology

  7. People & Trust in BPO • The Four cores of Credibility (stephen MR Covey) • Integrity • Intent • Capability • Results

  8. The Economic Formula….. Trust Tax Low Trust Slows Down Your Success Leading at the Speed of Trust FranklinCovey

  9. Trust Dividend High Trust Speeds up Your Success Leading at the Speed of Trust FranklinCovey

  10. People • It is critical that both the client and the service provider play a shared role in the selection of people. • An effort from both sides must also be made to build and inspire trust within the workforce • Remember in outsourcing we start and end with people.

  11. Systems AND Technology

  12. ITES-BPO Security Factors • Lack of meaningful sponsorship • Failed agreement on business processes • Lack of formal and disciplined project management • Project team turn-over of staff • Inability to identify and mitigate risks or remedy incidents • Excessive software customisation, with poor documentation • Insufficient training • User adoption factors • Project viewed as an “IT” project

  13. A need for good security policy • You must also check your security policy. • A good security policy will be sound and rational. • should include a data classification that can distinguish between sensitive and common data. • The policy should also state clear standards and guidelines. • These guidelines should be finalized by the stakeholders, managers and employees of your organization

  14. privacy and intellectual property policy • vendor must have sound intellectual property protection laws. • vendor will go by your privacy and intellectual property policies. • Make these clear with your vendor in simple language to avoid later misunderstandings

  15. Protecting your data • use of database monitoring gateways and application layer fire walls before outsourcing. • These devices can help you enforce usage policies. • prevent privilege abuse and vulnerability exploitation.

  16. The rule of least privilege • decide on a method to monitor material exceptions on your vendors and ensure the rule of least usage. • Most of all, do not provide access to all your records during the same time. Ensure that this is also monitored

  17. Leak-Proof traffic • Make sure that your vendor monitors outbound Internet traffic • Monitor emails for potential information leaks.

  18. Security Trust Dividend or Tax • Vendor and client have to build trust with each other • Vendor must have credibility to perform • Vendor must inspire trust in his employees • A trust relationship between both vendor and client must exist

  19. Thank You ----Any questions

More Related