Security Outsourcing Melissa Karolewski. Overview Introduction Definitions Offshoring MSSP Outsourcing Advice Vendors MSSPs Benefits & Risks Security.


1 Security Outsourcing Melissa Karolewski

2 Overview: Introduction, Definitions, Offshoring, MSSP, Outsourcing Advice, Vendors, MSSPs, Benefits & Risks, Security Audits, Cyberinsurance, Some Popular MSSPs, Graphs & Charts, Conclusion, References

3 Introduction: Outsourcing can sometimes be critical for a business in order to maintain company objectives. There are many pros and cons to outsourcing security. It can cost up to 50% less than in-house security. It is still not known whether outsourcing security is beneficial or hazardous.

4 What is outsourcing? Delegation of non-core operations or jobs from internal production within a business to an external entity (such as a subcontractor) that specializes in that operation. Outsourcing is a business decision that is often made to lower costs or focus on competencies. (Wikipedia, 2006)

5 Other Definitions: Offshoring, which is transferring work to another country, often overseas, is also a type of outsourcing. A common type of outsourcing vendor is the Managed Security Service Provider (MSSP).

6 Why Outsource? Cost; Lack of Qualified Individuals; Reliability

7 Security Areas that are Outsourced: Intrusion Detection (IDSs); Firewalls; VPNs; Security monitoring; Incident management; Emergency response and forensic analysis; Vulnerability assessment; Penetration testing; Anti-virus; Content filtering services; Information security risk assessments; Data archiving and restoration; On-site consulting (http://www.cert.org/security-improvement/modules/omss/c.html)

8 Outsourcing Advice: Involve department staff in application outsourcing decisions. Compare variable in-house costs with fixed outsourcing costs. Evaluate multiple vendor quotes for security, reliability and problem resolution. Prepare to work with emerging companies and have contingency plans. Consider the social dynamics of outsourcing a workforce vs. a company-career model. Evaluate global vs. national outsourcing for cost and business process. Consider application outsourcing for upgrading platforms and adding new capability. Use tools to standardize and manage outsourcing. (http://www.networkworld.com/careers/2002/0527man.html)

9 Managed Security Is On The List. What's the likelihood your company would outsource the following security services? Services: Firewalls, Antivirus software, Intrusion detection, VPNs. Use/likely to use: 16%, 13%, 24%. Unlikely/will never use: 69%, 74%, 72%, 62%. Don't know: 15%, 13%, 15%. DATA: HURWITZ GROUP SURVEY OF 79 COMPANIES WITH MORE THAN $10 BILLION IN REVENUE (http://www.informationweek.com/story/IWK20010713S0009)

10 Benefits of Security Outsourcing. Cost: Can cost up to 1/2 as much. Recent data points to only a 15% savings. “Establishing a solid cyber incident response team means hiring approximately 18 employees and making an initial investment of almost $6 million, according to statistics from Gartner, an international IT research firm.” (Lawson, 2000) Vendor can provide: Adequate Staffing; Well Trained Individuals; Better facilities; Connection with law enforcement; 24/7 Monitoring; Focused Objective and Plan; Security Awareness

11 Risks of Security Outsourcing: Possibility of dependence; Partnership Failure; Lack of communication; Legal Issues; Trust (Must have trust in company; Signed Confidentiality Agreements)

12 Choosing a Good Vendor: Choose a vendor that requires top-secret clearance. If they work for the government, then they are probably reputable. Background Checks. Research the Company. Other companies' experiences.

13 Security Vendors: Charge an average of $300 an hour. Some are just reformed hackers. MSSP (Managed Security Service Providers): Symantec, AT&T, SecureWorks, ISS.net

14 MSSP: A company that handles network security services (such as intrusion detection and prevention, spam blocking and firewall capabilities) for its clients. MSSPs are outsourcing providers. (http://www.csoonline.com/glossary/term.cfm?ID=3331) Provides services in the areas of security that companies wish to outsource. Benefits and Risks, listed above.

15 Continued Evaluation of an MSSP: Security Audits. A systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. Often used to determine regulatory compliance, in the wake of legislation such as HIPAA, the Sarbanes-Oxley Act, and the California Security Breach Information Act (Security Audit, n.d.)

16 Cyberinsurance: Covers a number of areas not normally spelled out in traditional policies. Can be thought of as a means of outsourcing, since it is a “written” protection from an outside vendor. Further protects security. Insurance discounts. Can cover insider attacks.

17 Popular MSSPs. Symantec: Offers security packages for all computer users, from personal use to small business and enterprise use. MSS services offered: Firewall/VPN, Intrusion Detection, Integrated Security Appliance (http://www.symantec.com). SecureWorks: Offers many types of protection; SC Magazine's “Best Intrusion Protection Award”; NSS approved award (http://www.secureworks.com). ISS.net: Offers many services; Has been around since 1995; SysTrust

18 Symantec

19 SecureWorks

20 ISS.net

21 Table 1: Participating Providers Chart [1]. [1] Adapted from: http://www.isp-planet.com/technology/mssp/participants_chart.html

22 http://www.cisco.com/warp/public/cc/so/neso/sqso/mnsqss/prodlit/sosfm_ov/sosfm_o4.jpg The KPMG Global Information Security Survey 2002

23 http://www.networkworld.com/news/2004/082304outsecure.html

24 http://www.infoworld.com/images/infographics/02/08/19/020819feservices_a.gif

25 http://www.infoworld.com/article/02/08/16/020819feservices_1.html

26 Conclusion: Security outsourcing is still a developing field. It is still unknown if the benefits outweigh the risks. A way to ensure a vendor is reputable is to look for clearances. Security outsourcing will continue to be of importance to the industry.

27 References
http://www.cert.org/security-improvement/modules/omss/index.html
http://www.infoworld.com/article/02/08/16/020819feservices_1.html
http://www.csoonline.com/glossary/term.cfm?ID=975
http://www.cio.com/archive/120101/et_article.html
http://www.networkworld.com/careers/2002/0527man.html
http://www.informationweek.com/story/IWK20010713S0009
http://www.microsoft.com/smallbusiness/resources/management/recruiting_staffing/tips_for_outsourcing_your_small_business_needs.mspx
http://techrepublic.com.com/5100-10878-1033997.html#
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci912633,00.html
http://www.csoonline.com/glossary/term.cfm?ID=3331
http://www.darwinmag.com/read/080101/blunders.html
http://www.isp-planet.com/technology/mssp/mssp_survey.html
http://www.washingtonpost.com/wp-yn/content/article/2006/04/13/AR2006041300261.html
http://searchcio.techtarget.com/sDefinition/0,,sid19_gci955099,00.html
http://www.cisco.com/warp/public/cc/so/neso/sqso/mnsqss/prodlit/sosfm_ov.pdf
http://www.securitypipeline.com/showArticle.jhtml?articleId=15306149&pgno=4

