User Account

All Pages

Should an organization outsource security

Assignment Help Business Management
Reference no: EM131311369

SHOULD AN ORGANIZATION OUTSOURCE SECURITY?

It may seem like an odd question, one that gets an immediate "no," but think again. Many businesses realize that they do not possess the expertise, time, or money to detect, identify, isolate, and stop the hundreds of hackers, viruses, worms, and other malcontents that daily bombard most IT systems. Moreover, most organizations wouldn't identify "security" as a unique core competency, so there is some argument for outsourcing it.

The following statistics come from a survey performed by InformationWeek/Accenture Global Information Security. They identify the percentage of respondents who use an outsourcer for some form of security. Firewall management-29 percent Intrusion detection management-25 percent Messaging protection-18 percent Security strategy development-15 percent Security governance-11 percent End device security-11 percent The numbers show that many companies are willing to outsource IT-related security.

BOILING SPRINGS SAVINGS BANK

Most likely, the number one reason why companies outsource security functions is because they lack the resources and expertise to handle it themselves. According to Ken Emerson, director of strategic planning and CIO at Boiling Springs Savings Bank in New Jersey, "In the security world, it's a game of catch-up. I couldn't possibly throw enough resources at it internally." Ken contracted Perimeter Internetworking to provide security for e-mail and handle the function of intrusion detection and prevention. As Ken explained it further, "I didn't feel like I had the necessary knowledge on my staff, especially with the rapidly growing volume of spam." But before hiring Perimeter, Ken thought about his customers who rely on Boiling Springs to keep their money safe.

So, he did a background check on Perimeter and learned that it had passed the Statement of Auditing Standards No. 70, an in-depth audit of a service provider's control activities. He also found that none of the other security firms he was evaluating had received that sort of certifi cation. Perimeter electronically linked to Boiling Springs's systems and monitored all e-mail traffic and intrusion attempts. It even found a worm on a specific Boiling Springs PC and notified the bank so it could shut down the infected computer.

KETTERING MEDICAL CENTER NETWORK

Kettering Medical Center Network, a group of 50 health care facilities in the Dayton, Ohio, area, turned over some of its IT security to Symantec. Specifically, Kettering contracted Symantec to analyze all of its data collected by Check Point Technologies and Cisco Systems firewalls. The focus here was to protect remote physicians' offices that are on the network. These types of remote access areas are prime targets for infi ltrating a much larger network.

As Bob Burritt, IS network and technology manager at Kettering, explained it, "We need to be concerned if someone is trying to do a port scan against our systems or if our network contains ad bots or spy bots trying to communicate out." If someone did succeed in penetrating Kettering's network and shutting down the system, the results would be catastrophic.

Not only could doctors and other health care professionals not communicate with each other and share information, Kettering would lose approximately $1 million a day if it couldn't bill patients or its health care partners or collect fees. Boiling Springs Savings Bank and Kettering Medical Center Network are just two examples of the many companies that are effectively outsourcing some portion of IT security. Overall among U.S. companies, 25 percent are now outsourcing some aspect of IT security.

Questions
1. If you were developing a new system using the traditional systems development life cycle (SDLC), at what point would you need to identify that you needed to outsource some aspect of IT security?

2. In reference to the first question, how would you continue with the in-house systems development effort and, at the same time, carry on the process of outsourcing IT security with another company?

3. Boiling Springs Savings Bank did a background check on Perimeter before hiring it. Search the Web for resources than can help an organization do background checks on IT security firms. What did you find? Did you fi nd a couple of Web sites or certifi cation organizations that offer some guarantee of IT security firms? If so, whom did you fi nd?

4. Turning over IT security to an outside organization is tantamount to giving another organization complete access to all your systems and information. What stipulations would you include in a service level agreement with an IT security outsourcer to ensure that it didn't exploit the openness of your systems and steal strategic and sensitive information?

5. Do some research on the Web for companies that specialize in IT security outsourcing besides Perimeter and Symantec. Whom did you find? Do they seem to be reputable? Do they include a list of clients you can contact for references?

Reference no: EM131311369

Questions Cloud

What is lynn expected utility : a) Considering the probability that there is a fire, what is Lynn's Expected Wealth, E(W)? b) What is Lynn's Expected Utility, E(U)? c) What is Lynn's Certainty Equivalent)?
Understanding of issues and theory presented in the article : HI6025 Accounting Theory and Current Issue - Identification and discussion of the theory and concepts relevant to the selected article and Analysis and demonstrated level of understanding of key issues and theory presented in the article
Which part of investigation made the biggest impact on you : Explain which part of the investigation made the biggest impact on you. Describe some of the challenges Human Services Professionals may face when working on child abuse cases. What are your suggestions for dealing with those ch..
Explain how adm coding solves the above errors : What are slope overload distortion and granular noise distortion in DM coding?
Should an organization outsource security : If you were developing a new system using the traditional systems development life cycle (SDLC), at what point would you need to identify that you needed to outsource some aspect of IT security?
Monopolist charge in market : 1. What price does the LOL Street Journal as a monopolist charge in each market? 2. What quantity is sold in each market? 3. How much pro?t does the journal make? (Round up to the second decimal).
Create newsletters to inform families of literature genres : You will create two newsletters to inform families of literature genres being presented in your future classroom. The newsletters should foster their child's exploration of literature and support learning in the classroom.
Develop a chart that lists characteristics of heart defects : Develop a chart that lists the characteristics of congenital heart defects, blood disorders, asthma, cystic fibrosis, insulin-dependent diabetes mellitus, chronic renal failure, childhood cancer, and congenital and acquired infectious diseases.
What is the difference between dm and dpcm : In transform coding, when a sender transmits the M matrix to a receiver, does the sender need to send the T matrix used in calculation? Explain.

Reviews

Write a Review

Business Management Questions & Answers

  Voluntary and involuntary turnover

Describe voluntary and involuntary turnover, and compare and contrast the effects that each type of turnover has on an organization.

  United states consists of two interacting spheres or realms

The health care system in the United States consists of two interacting spheres or realms - exchange and production." Do you agree or disagree with this quote?(agree) As best you can, fully explain your answer.

  Question about motivation theories

Show which of the following motivation theories would be most effective to motivate these employee groups and explain

  Explain and specify what cultural determinants

Explain and Specify what cultural determinants about this country would be most important to you as you reach a decision about whether

  Mba in technology management

Describe why doing an MBA in Technology Management is less about technology & more about doing business with that technology in overseas market?

  Friendly finance prosper in a suit against suburban

A-One Landscapers Inc owes Friendly Finance Company $5,000. A-One enters into a contract with Suburban Office Park under which A-One promises to uphold the landscaping on Suburban's property.

  Explain how does his behavior look in the light of day

Explain How does his behavior look in the light of day and Aside from his legal obligations, did Ingersoll behave ethically

  Find shortest processing time

SPT is generally viewed as operationally focused rather than customer focused. However, are there cases when it could be as customer responsive as EDD or FCFS? Illustrate an example of this.

  Evaluate tools used to measure and report data

Evaluate various data collection and display tools used in performance measurement.

  Which two guidelines are most important

Which two guidelines are most important to your knowledge asset at this point in the course and why?

  Adjusting nominal gdp for price changes

When adjusting nominal GDP for price changes, it is preferable to use the GDP deflator rather than the consumer price index?

  Evaluate the role of ethical decision-making in organization

Discuss the key countries that might be associated with the risk. Evaluate the role of ethical decision-making in business organizations.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd