Information Security considerations for Outsourced ICT Services

Information Security considerations for Outsourced ICT Services Badru Ntege Group CEO NFT Consult

What is Outsourcing?
Outsourcing: "the strategic use of outside resources to perform activities traditionally handled by internal staff and resources" (Dave Griffiths)
Why outsource? To provide services that are scalable, secure, and efficient, while improving overall service and reducing costs.

"The international corporation of the future will need to consider security as more of a 'customer service' and 'profit protection' entity rather than a necessary evil. In the long run, should they fail to do so, they will lose the trust of their customer, who in the end is the one who dictates their future." (Ted Richardson, writing in his blog)

Wikipedia: Security is the degree of protection to safeguard a nation, union of nations, persons or person against danger, damage, loss, and crime. Security as a form of protection refers to structures and processes that provide or improve security as a condition.

Business process outsourcing (BPO), or ITES (IT-enabled services), is a subset of outsourcing that involves contracting the operations and responsibilities of specific business functions (or processes) to a third-party service provider.

Components of Security
People
Systems
Technology

People & Trust in BPO
The Four Cores of Credibility (Stephen M. R. Covey):
Integrity
Intent
Capability
Results

Trust Tax: Low Trust Slows Down Your Success
The economic formula: think of 9/11 and airport security. Every additional check that low trust demands adds time and cost. Here are some of the key taxes Stephen M. R. Covey identifies.
(Leading at the Speed of Trust, FranklinCovey)

Trust Dividend: High Trust Speeds Up Your Success
If you turn that around and think of the formula for trust dividends: where there is a high degree of trust, for instance on a team, between you and them and between themselves, with little suspicion, clarity around who is doing what, and accountability, things speed up. Time drag is minimised and errors go down. A leader who delegates speeds the process and lowers the cost of his or her time being engaged in work someone else should be doing. Investigating levels of paperwork and streamlining them raises speed and lowers costs. So building a high-trust culture allows you to move faster.
(Leading at the Speed of Trust, FranklinCovey)

People
It is critical that both the client and the service provider play a shared role in the selection of people. An effort from both sides must also be made to build and inspire trust within the workforce. Remember: in outsourcing we start and end with people.

Systems and Technology

ITES-BPO Security Factors
Lack of meaningful sponsorship
Failed agreement on business processes
Lack of formal and disciplined project management
Turnover of project team staff
Inability to identify and mitigate risks or remedy incidents
Excessive software customisation, with poor documentation
Insufficient training
User adoption factors
Project viewed as an "IT" project

A Need for a Good Security Policy
You must also check your security policy. A good security policy will be sound and rational, and should include a data classification scheme that distinguishes sensitive data from common data. The policy should also state clear standards and guidelines, finalised by the stakeholders, managers and employees of your organisation.

Privacy and Intellectual Property Policy
The vendor's jurisdiction must have sound intellectual property protection laws, and the vendor must agree to abide by your privacy and intellectual property policies. Make these clear to your vendor in simple language to avoid later misunderstandings.

Protecting Your Data
Deploy database monitoring gateways and application-layer firewalls before outsourcing. These devices help you enforce usage policies and prevent privilege abuse and vulnerability exploitation.

The Rule of Least Privilege
Decide on a method to monitor material exceptions in your vendors' access and enforce least privilege. Above all, do not give access to all your records at the same time, and ensure that this, too, is monitored.
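The two preceding slides (monitoring gateways that enforce usage policies, and least privilege with monitored exceptions) can be made concrete with a small policy monitor. The example below is added here and is not code from the presentation or from any product; the audit-log line format, the account name vendor_bpo, the table names and all thresholds are hypothetical, and the log lines are constructed. It applies a per-principal allowlist of tables and operations, a per-statement row cap, and a rolling-window row cap so that a vendor account can never read the whole record set at once, and it reports every exception rather than dropping lines it cannot parse.

```python
"""Added example: a least-privilege policy monitor over a vendor's DB audit log."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical audit-log line format, constructed for this example; a real
# database-activity-monitoring gateway emits its own (richer) format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\w+) "
    r"table=(?P<table>\S+) rows=(?P<rows>\d+)$"
)


@dataclass(frozen=True)
class Policy:
    allowed_tables: frozenset
    allowed_ops: frozenset
    max_rows_per_statement: int  # no single statement may touch more rows
    max_rows_per_window: int     # rolling cap: never "all records at once"
    window: timedelta


# Hypothetical policy for an outsourced call-centre account: read and update
# two CRM tables, in small batches, under a rolling hourly cap.
POLICIES = {
    "vendor_bpo": Policy(
        allowed_tables=frozenset({"crm.customers", "crm.tickets"}),
        allowed_ops=frozenset({"SELECT", "UPDATE"}),
        max_rows_per_statement=50,
        max_rows_per_window=500,
        window=timedelta(hours=1),
    ),
}


def parse_line(line):
    """Parse one audit line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["rows"] = int(ev["rows"])
    return ev


def evaluate(lines):
    """Return (timestamp, user, code) alerts for every material exception."""
    alerts = []
    recent = defaultdict(list)  # user -> [(ts, rows)] inside the rolling window
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            # A monitor that silently drops lines it cannot read is blind.
            alerts.append((None, None, "unparseable"))
            continue
        ts, user = ev["ts"].isoformat(), ev["user"]
        pol = POLICIES.get(user)
        if pol is None:
            alerts.append((ts, user, "no_policy"))
            continue
        if ev["op"] not in pol.allowed_ops:
            alerts.append((ts, user, "op_not_allowed"))
        if ev["table"] not in pol.allowed_tables:
            alerts.append((ts, user, "table_not_allowed"))
        if ev["rows"] > pol.max_rows_per_statement:
            alerts.append((ts, user, "bulk_statement"))
        # Rolling window: keep only events newer than ts - window, then sum rows.
        hist = recent[user]
        hist.append((ev["ts"], ev["rows"]))
        cutoff = ev["ts"] - pol.window
        hist[:] = [(t, r) for t, r in hist if t > cutoff]
        if sum(r for _, r in hist) > pol.max_rows_per_window:
            alerts.append((ts, user, "window_exceeded"))
    return alerts


# Constructed sample log (not real data), in time order.
SAMPLE_LOG = [
    "2024-03-01T09:00:00Z user=vendor_bpo op=SELECT table=crm.customers rows=12",
    "2024-03-01T09:05:00Z user=vendor_bpo op=SELECT table=crm.tickets rows=30",
    "2024-03-01T09:10:00Z user=vendor_bpo op=SELECT table=hr.payroll rows=5",
    "2024-03-01T09:12:00Z user=vendor_bpo op=DELETE table=crm.tickets rows=1",
    "2024-03-01T09:20:00Z user=vendor_bpo op=SELECT table=crm.customers rows=480",
    "2024-03-01T11:00:00Z user=vendor_bpo op=SELECT table=crm.customers rows=20",
    "2024-03-01T11:01:00Z user=contractor_x op=SELECT table=crm.customers rows=1",
    "2024-03-01T11:02:00Z user=vendor_bpo op=SELECT",
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(alert)
```

On the constructed log the monitor raises six alerts: an out-of-scope table, a forbidden DELETE, a 480-row bulk read that also pushes the hourly total over the cap, an account with no policy at all, and a truncated line. The 11:00 read is clean because the earlier traffic has aged out of the window. In practice the thresholds come from the data-classification scheme in the security policy, and the codes feed a ticketing or SIEM workflow that the client, not the vendor, owns.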

Leak-Proof Traffic
Make sure that your vendor monitors outbound Internet traffic, and monitor emails for potential information leaks.
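Monitoring outbound email for leaks means inspecting both where a message is going and what it carries. The example below is added here and is not code from the presentation; the allowed recipient domains (client.example, vendor.example), the classification marker words and the three messages are all constructed for illustration. It parses raw RFC 822 messages with the standard library, flags recipients outside the approved domains, flags classification labels (from the data-classification scheme in the security policy) leaving to an external address, and flags card-like numbers only when they pass the Luhn check, so order references and ticket numbers do not drown the alert queue.

```python
"""Added example: outbound-email leak scanner for an outsourced service desk."""
import re
from email import message_from_string
from email.utils import getaddresses

# Hypothetical: the only domains a vendor agent may mail from the client's data.
ALLOWED_RECIPIENT_DOMAINS = {"client.example", "vendor.example"}

# Hypothetical classification markers taken from the data-classification scheme.
CLASSIFICATION_RE = re.compile(r"\b(?:CONFIDENTIAL|RESTRICTED)\b", re.IGNORECASE)

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def body_text(msg):
    """Concatenate the decoded text/plain parts of a (possibly multipart) message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def scan_message(raw):
    """Return a sorted list of finding codes for one raw outbound message."""
    msg = message_from_string(raw)
    findings = set()
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    recipients = [addr for _, addr in getaddresses(headers) if addr]
    external = [a for a in recipients
                if a.rsplit("@", 1)[-1].lower() not in ALLOWED_RECIPIENT_DOMAINS]
    if external:
        findings.add("external_recipient")
    text = body_text(msg)
    if external and CLASSIFICATION_RE.search(text):
        findings.add("classified_to_external")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.add("card_number")
            break
    return sorted(findings)


# Constructed sample messages (not real traffic).
MSG_INTERNAL = """From: agent1@vendor.example
To: support@client.example
Subject: Ticket 1234

Customer called back, issue resolved.
"""

MSG_LEAK = """From: agent1@vendor.example
To: Someone <someone@webmail.example>
Subject: FYI

Classification: CONFIDENTIAL
Card on file: 4111 1111 1111 1111
"""

MSG_FALSE_POSITIVE = """From: agent1@vendor.example
To: billing@client.example
Subject: Reference

Order ref 1234567890123456 shipped.
"""

if __name__ == "__main__":
    for name, raw in [("internal", MSG_INTERNAL), ("leak", MSG_LEAK),
                      ("false_positive", MSG_FALSE_POSITIVE)]:
        print(name, scan_message(raw))
```

The second message trips all three rules; the third carries a 16-digit number that fails Luhn and is left alone. A gateway built on this logic would quarantine rather than merely log the external classified message, and the recipient-domain allowlist should be owned by the client so that the vendor cannot widen it unilaterally.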

Security: Trust Dividend or Tax?
Vendor and client have to build trust with each other.
The vendor must have the credibility to perform.
The vendor must inspire trust in his employees.
A trust relationship between vendor and client must exist.

Thank You. Any questions?