TechTarget

Security Think Tank: Business cannot outsource accountability

What should and what should not be outsourced in IT security?

This Article Covers

Outsourcing

You can in theory outsource anything except accountability and crisis management. It’s all down to risk appetite, assuming of course that your outsourcer meets compliance requirements.

Security is all about visibility and control. You lose both when you outsource, but independent contractors can be used to check on other outsourced activities.

The paradigm for trust is also changing for the information age. The old regime is neatly summed up by the old Russian quote, “Trust is good, but control is better” (equally ascribed to both Stalin and Lenin).

The new philosophy is encapsulated by Ronald Reagan’s famous quote, “Trust but verify”.

David Lacey is the UK research director for the Information Systems Security Association (ISSA)

Read more about IT security outsourcing

Security Think Tank: Start with capability gap when outsourcing security

Security Think Tank: Outsourcing of IT security is not for everyone

Security Think Tank: No one-size-fits-all approach to security outsourcing

 

 

 

This was first published in May 2012

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

3 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close