
Playing with Fire: The Risks of Outsourcing IT Security

IT security is the protection of information and especially the processing of information. IT security is intended to prevent the manipulation of data and systems by unauthorized third parties. This does not only mean information and data, but also physical data centers or cloud services. (Hornet Security, 2023)

With the emergence of new developments, especially in the field of IT, a number of companies are now outsourcing typical tasks such as customer service, social media management, accounting, finance, human resources, and even IT security.

Source: https://www.archtis.com/its-time-to-distinguish-information-security-from-it-security/

Given the sensitivity of data and information, I believe that a company or organization should not outsource its IT security but rather invest in IT. There are also a number of issues involved, such as data privacy, legal issues, quality assurance, hacking, and corporate espionage. Competition between firms is now more stringent, and with the Internet opening its doors to new opportunities, most companies are utilizing IT to gain competitive advantage, while others may use it to bring down their rivals.

Source: https://www.lifars.com/2020/03/motivations-behind-cyber-attacks/

On the other hand, it is inevitable for some companies to outsource a portion of their processes and IT because of operating costs, and to take a load off the shoulders of top management so that it can focus on more important company goals and objectives.

To mitigate these risks, a company may apply the following steps for managing information security (Identity Management Institute, 2007):
  • Clearly define the outsourcing scope in the contracts and establish a complete set of Service Level Agreements (SLAs).
  • Audit against the SLAs to ensure compliance with agreed-upon procedures.
  • Request oversight team sign-off when deploying tools, systems, or changes to make sure security is properly tested.
  • Ensure all internal or service provider staff are subject to social engineering tests and mock incidents, ensuring their response is appropriate.
  • Build known vulnerabilities into applications before commencing penetration testing to ensure the service provider reports all findings.
  • Finally, avoid commingling operations with security. This creates huge information security outsourcing risks around SOD (segregation of duties) and COI (conflict of interest).

IT security is a major function in every organization. However, not all organizations have the capacity to equip themselves with the knowledge about IT and outsourcing. It's like playing with fire: you'll get burned if you don't know exactly what you are doing.



References:

Hornet Security. (2023). IT Security: What is IT Security, and why is IT Security so important? Retrieved from Hornet Security: https://www.hornetsecurity.com/en/knowledge-base/it-security/

Identity Management Institute. (2007). INFORMATION SECURITY OUTSOURCING RISKS AND SOLUTIONS. Retrieved from Identity Management Institute: https://identitymanagementinstitute.org/information-security-outsourcing-risks-and-solutions/








