You can in theory outsource anything except accountability and crisis management. It’s all down to risk appetite, assuming of course that your outsourcer meets compliance requirements.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Security is all about visibility and control. You lose both when you outsource, but independent contractors can be used to check on other outsourced activities.
The paradigm for trust is also changing for the information age. The old regime is neatly summed up by the old Russian quote, “Trust is good, but control is better” (equally ascribed to both Stalin and Lenin).
The new philosophy is encapsulated by Ronald Reagan’s famous quote, “Trust but verify”.
David Lacey is the UK research director for the Information Systems Security Association (ISSA)
Read more about IT security outsourcing