“Mitigating Offshoring Risks in a Global Business Environment”


“Mitigating Offshoring Risks in a Global Business Environment”
May 26 & 27, Marsh Technology Conference 2005, Zurich, Switzerland

Definitions

Offshoring is the performance of certain business functions in another country primarily to achieve economic benefits.

- Outsourced to a vendor, who manages the process for a fee or percent of the savings
- Company-owned process, where operations are developed in a host country

Typical business functions targeted for offshoring include:

- Software development
- Technology design, build or assembly
- Customer service
- Business process operations

Offshoring has Compelling Economics

- Cost reduction: From 2003 through 2008, U.S. businesses will save a projected $20 billion using offshore resources [1]. Production costs are 30-50% lower in China vs. traditional U.S. manufacturing [2].
- Quality: Offshoring provides good quality, e.g. Indian service providers often provide CMM Level 5, Six Sigma, ISO 9000 and BS 7799 certifications.
- Competition: Time zone advantages exist as well as larger pools of talent. It enables a company to remain competitive in its market.
- New Markets: By operating “in-country”, new growth opportunities may be opened up and leveraged.

Examples:

- A data switch is made by 3-Com in China for about $180,000. Cisco’s competitive switch is $245,000, a 25% price gap. 3-Com is “getting four engineers for the price of one” [3].
- India's National Association of Software & Service Companies (Nasscom) alone expects its outsourcing business will surge more than 26 percent to 28 percent in 2005 [4].

Sources:

1. Global Insight report 2003
2. Business Week 02-06-04
3. Ibid
4. Nasscom Study 2005

Offshoring also has Serious Threats

[Diagram labels: Offshore Operations Business Plan; Risk Mitigation Capabilities; Response & Recovery Capabilities. Threats shown: IP theft, natural disaster, political instability, terror incident, internal cyber-threats, counterfeiting products, major IT outage, external cyber-incident.]

What Defines a Serious Threat?

- Impacts the business plan
- Fast developing
- Creates long-term change
- High stress to organization
- Large-scale

Offshore Risk & Security Process

Phase 1 | Phase 2 | Phase 3
INPUTS: Assess and Analyze | Design and Plan | Deploy and Monitor
MAJOR STEPS: Project Initiation and Assessments | Program Design and Strategy Planning | Plan Deployment

ACTIONS / DELIVERABLES:

1. Offshore risk assessment process:
- Threat and Risk assessment: Business impact; Technology trends; Security environment; Threats and vulnerabilities; Project Management; Regulatory compliance; Policies & standards; Technology continuity; Statement of applicability; Protection of IP
- Analyze offshore risk gaps: Current security policies & controls; Regulatory compliance; Technology continuity; Project management; Security governance; Incident response process

2. Create offshore risk mitigation plan:
- Define offshore risk controls
- Align risk controls to the business plan
- Outline processes for measuring results

Deploy improvement components of offshore risk master plan:
- Security policies & controls
- Regulatory compliance
- Technology continuity
- Project Management
- IP Protection

2. Implement monitoring process for continuous improvement

- Risk/Impact matrix
- Documented offshore risk controls status

3. Offshore Project Management strategy

- Offshore Risk Mitigation Master Plan: Prioritized activities; Funding and resources; Timeline; Success criteria; Team structure
- Offshore project risk management framework
- Regulatory Compliance Report
- Incident response plan
- Continuous improvement process for risk mitigation

First Step: a Threat and Risk Assessment

- Define: Threats, their probability and the business impact
- Classify: Risk impact of the threats
- Analyze: Existing controls; Business processes; Overall preparedness posture
- Design: Develop an initial option to address each risk

[Chart: Kroll Offshore Risk Workshop Deliverable (Example). Axis labels: Risk Impact / Business Impact (Low to High) and Risk Probability (Low to High). Risk Management Options: Transfer, Change, Monitor, Control. Threats plotted: Technology Outage, Product Counterfeiting, Kidnap & Ransom, Cyber-terror, Product Design Loss, R&D theft, Cyber-fraud, Regulatory Non-compliance.]

Consider These Questions:

- Have you conducted a thorough offshore risk assessment and analysis?
- Do you have written policies for IP protection with your service provider and your customers?
- Is there a seasoned offshore specialist in charge of the program?
- Do you have external legal advice?
- What is the track record for the target region/vendor for risk incidents?
- Are there country-specific issues, e.g. bribery, corruption, counterfeiting, ineffective law enforcement, data protection laws?
- What is the security status of the region’s IT and network infrastructure where your service provider is located?
- What is the region/country record for successful prosecution of cyber-crimes?
- What is the in-country policy for employee privacy, background screening, hiring/firing, etc.?
- Are there exposures due to ancillary agreements with other contractors? Do they meet your standards as well as those of your customers?

Discussion