1
Security Outsourcing Melissa Karolewski
2
Overview: Introduction; Definitions (Outsourcing, Offshoring, MSSP); Outsourcing Advice; Vendors; MSSPs; Benefits & Risks; Security Audits; Cyberinsurance; Some Popular MSSPs; Graphs & Charts; Conclusion; References
3
Introduction: Outsourcing can sometimes be critical for a business in order to maintain company objectives. There are many pros and cons to outsourcing security. It can cost up to 50% less than in-house security. It is still not known whether outsourcing security is beneficial or hazardous.
4
What is outsourcing? Delegation of non-core operations or jobs from internal production within a business to an external entity (such as a subcontractor) that specializes in that operation. Outsourcing is a business decision that is often made to lower costs or focus on competencies. (Wikipedia, 2006) Outsourcing definition provided by wikipedia.com.
5
Other Definitions: Offshoring: transferring work to another country, often overseas; it is also a type of outsourcing. A common type of outsourcing vendor is the Managed Security Service Provider (MSSP).
6
Why Outsource? Cost; Lack of Qualified Individuals; Reliability
7
Security Areas that are Outsourced
There are many areas that can be outsourced. Areas that can be outsourced in security are as follows: Intrusion detection (IDSs); Firewalls; VPNs; Security monitoring; Incident management; Emergency response and forensic analysis; Vulnerability assessment; Penetration testing; Anti-virus; Content filtering services; Information security risk assessments; Data archiving and restoration; On-site consulting.
8
Outsourcing Advice Involve department staff in application outsourcing decisions. Compare variable in-house costs with fixed outsourcing costs. Evaluate multiple vendor quotes for security, reliability and problem resolution. Prepare to work with emerging companies and have contingency plans. Consider the social dynamics of outsourcing a workforce vs. a company-career model. Evaluate global vs. national outsourcing for cost and business process. Consider application outsourcing for upgrading platforms and adding new capability. Use tools to standardize and manage outsourcing. These tips were provided from
9
Managed Security Is On The List
What's the likelihood your company would outsource the following security services? Services: Firewalls, Antivirus software, Intrusion detection, VPNs. Use/likely to use: 16%, 13%, 24%. Unlikely/will never use: 69%, 74%, 72%, 62%. Don't know: 15%. Data: Hurwitz Group survey of 79 companies with more than $10 billion in revenue.
72% of the companies are unlikely to outsource their intrusion detection. A high percentage of companies responded "never use" or "unlikely".
10
Benefits of Security Outsourcing
Cost: Can cost up to 1/2 as much. Recent data points to only a 15% savings. “Establishing a solid cyber incident response team means hiring approximately 18 employees and making an initial investment of almost $6 million, according to statistics from Gartner, an international IT research firm.” (Lawson, 2000)
Vendor can provide: Adequate staffing; Well-trained individuals; Better facilities; Connection with law enforcement; 24/7 monitoring; Focused objective and plan; Security awareness.
11
Risks of Security Outsourcing
Possibility of dependence; Partnership failure; Lack of communication; Legal issues; Trust (must have trust in company; signed confidentiality agreements).
12
Choosing a Good Vendor: Choose a vendor that requires top-secret clearance. If they work for the government, then they are probably reputable. Background checks; Research the company; Other companies' experiences.
13
Security Vendors: Charge an average of $300 an hour. Some are just reformed hackers.
MSSP (Managed Security Service Providers): Symantec; AT&T; SecureWorks; ISS.net
14
MSSP: a company that handles network security services (such as intrusion detection and prevention, spam blocking and firewall capabilities) for its clients. MSSPs are outsourcing providers. They provide services in areas where companies wish to outsource security. Benefits and risks are listed above.
15
Continued Evaluation of an MSSP
Security audits: a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. Often used to determine regulatory compliance, in the wake of legislation: HIPAA, the Sarbanes-Oxley Act, and the California Security Breach Information Act (Security Audit, n.d.).
16
Cyberinsurance: Covers a number of areas not normally spelled out in traditional policies. Can be thought of as a means of outsourcing, since it is a “written” protection from an outside vendor. Further protects security. Insurance discounts. Can cover insider attacks.
17
Popular MSSPs
Symantec: Offers security packages for all computer users, from personal use to small business and enterprise use. MSS services offered: Firewall/VPN; Intrusion Detection; Integrated Security Appliance.
SecureWorks: Offers many types of protection. SC Magazine's “Best Intrusion Protection Award”. NSS approved award.
ISS.net: Offers many services. Has been around since 1995. SysTrust.
18
Symantec
19
SecureWorks
20
ISS.net
21
Table 1: Participating Providers Chart[1]
Guardent, ISS, and Net NetPlexus have all the features and/or abilities. WorldCom no longer exists; it is now owned by Verizon. SecureWorks, which showed up first on a Google search, had only Managed IDS and Managed Vulnerability. Symantec had quite a few. [1] Adapted from:
22
The KPMG Global Information Security Survey 2002
26
Conclusion: Security outsourcing is still a developing field. It is still unknown if the benefits outweigh the risks. A way to ensure a vendor is reputable is to look for clearances. Security outsourcing will continue to be of importance to the industry.
27
References