User Account

All Pages

Should an organization outsource security

Assignment Help Business Management
Reference no: EM131311369

SHOULD AN ORGANIZATION OUTSOURCE SECURITY?

It may seem like an odd question, one that gets an immediate "no," but think again. Many businesses realize that they do not possess the expertise, time, or money to detect, identify, isolate, and stop the hundreds of hackers, viruses, worms, and other malcontents that daily bombard most IT systems. Moreover, most organizations wouldn't identify "security" as a unique core competency, so there is some argument for outsourcing it.

The following statistics come from a survey performed by InformationWeek/Accenture Global Information Security. They identify the percentage of respondents who use an outsourcer for some form of security. Firewall management-29 percent Intrusion detection management-25 percent Messaging protection-18 percent Security strategy development-15 percent Security governance-11 percent End device security-11 percent The numbers show that many companies are willing to outsource IT-related security.

BOILING SPRINGS SAVINGS BANK

Most likely, the number one reason why companies outsource security functions is because they lack the resources and expertise to handle it themselves. According to Ken Emerson, director of strategic planning and CIO at Boiling Springs Savings Bank in New Jersey, "In the security world, it's a game of catch-up. I couldn't possibly throw enough resources at it internally." Ken contracted Perimeter Internetworking to provide security for e-mail and handle the function of intrusion detection and prevention. As Ken explained it further, "I didn't feel like I had the necessary knowledge on my staff, especially with the rapidly growing volume of spam." But before hiring Perimeter, Ken thought about his customers who rely on Boiling Springs to keep their money safe.

So, he did a background check on Perimeter and learned that it had passed the Statement of Auditing Standards No. 70, an in-depth audit of a service provider's control activities. He also found that none of the other security firms he was evaluating had received that sort of certifi cation. Perimeter electronically linked to Boiling Springs's systems and monitored all e-mail traffic and intrusion attempts. It even found a worm on a specific Boiling Springs PC and notified the bank so it could shut down the infected computer.

KETTERING MEDICAL CENTER NETWORK

Kettering Medical Center Network, a group of 50 health care facilities in the Dayton, Ohio, area, turned over some of its IT security to Symantec. Specifically, Kettering contracted Symantec to analyze all of its data collected by Check Point Technologies and Cisco Systems firewalls. The focus here was to protect remote physicians' offices that are on the network. These types of remote access areas are prime targets for infi ltrating a much larger network.

As Bob Burritt, IS network and technology manager at Kettering, explained it, "We need to be concerned if someone is trying to do a port scan against our systems or if our network contains ad bots or spy bots trying to communicate out." If someone did succeed in penetrating Kettering's network and shutting down the system, the results would be catastrophic.

Not only could doctors and other health care professionals not communicate with each other and share information, Kettering would lose approximately $1 million a day if it couldn't bill patients or its health care partners or collect fees. Boiling Springs Savings Bank and Kettering Medical Center Network are just two examples of the many companies that are effectively outsourcing some portion of IT security. Overall among U.S. companies, 25 percent are now outsourcing some aspect of IT security.

Questions
1. If you were developing a new system using the traditional systems development life cycle (SDLC), at what point would you need to identify that you needed to outsource some aspect of IT security?

2. In reference to the first question, how would you continue with the in-house systems development effort and, at the same time, carry on the process of outsourcing IT security with another company?

3. Boiling Springs Savings Bank did a background check on Perimeter before hiring it. Search the Web for resources than can help an organization do background checks on IT security firms. What did you find? Did you fi nd a couple of Web sites or certifi cation organizations that offer some guarantee of IT security firms? If so, whom did you fi nd?

4. Turning over IT security to an outside organization is tantamount to giving another organization complete access to all your systems and information. What stipulations would you include in a service level agreement with an IT security outsourcer to ensure that it didn't exploit the openness of your systems and steal strategic and sensitive information?

5. Do some research on the Web for companies that specialize in IT security outsourcing besides Perimeter and Symantec. Whom did you find? Do they seem to be reputable? Do they include a list of clients you can contact for references?

Reference no: EM131311369

Questions Cloud

What is lynn expected utility : a) Considering the probability that there is a fire, what is Lynn's Expected Wealth, E(W)? b) What is Lynn's Expected Utility, E(U)? c) What is Lynn's Certainty Equivalent)?
Understanding of issues and theory presented in the article : HI6025 Accounting Theory and Current Issue - Identification and discussion of the theory and concepts relevant to the selected article and Analysis and demonstrated level of understanding of key issues and theory presented in the article
Which part of investigation made the biggest impact on you : Explain which part of the investigation made the biggest impact on you. Describe some of the challenges Human Services Professionals may face when working on child abuse cases. What are your suggestions for dealing with those ch..
Explain how adm coding solves the above errors : What are slope overload distortion and granular noise distortion in DM coding?
Should an organization outsource security : If you were developing a new system using the traditional systems development life cycle (SDLC), at what point would you need to identify that you needed to outsource some aspect of IT security?
Monopolist charge in market : 1. What price does the LOL Street Journal as a monopolist charge in each market? 2. What quantity is sold in each market? 3. How much pro?t does the journal make? (Round up to the second decimal).
Create newsletters to inform families of literature genres : You will create two newsletters to inform families of literature genres being presented in your future classroom. The newsletters should foster their child's exploration of literature and support learning in the classroom.
Develop a chart that lists characteristics of heart defects : Develop a chart that lists the characteristics of congenital heart defects, blood disorders, asthma, cystic fibrosis, insulin-dependent diabetes mellitus, chronic renal failure, childhood cancer, and congenital and acquired infectious diseases.
What is the difference between dm and dpcm : In transform coding, when a sender transmits the M matrix to a receiver, does the sender need to send the T matrix used in calculation? Explain.

Reviews

Write a Review

Business Management Questions & Answers

  Caselet on michael porter’s value chain management

The assignment in management is a two part assignment dealing 1.Theory of function of management. 2. Operations and Controlling.

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. Due to increase in the preference for light beer drinkers, Chris Prangel wants to introduce light beer version in Mountain Man. An analysis into the la..

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. An analysis into the launch of Mountain Man Light over the present Mountain Man Lager.

  Analysis of the case using the doing ethics technique

Analysis of the case using the Doing Ethics Technique (DET). Analysis of the ethical issue(s) from the perspective of an ICT professional, using the ACS Code of  Conduct and properly relating clauses from the ACS Code of Conduct to the ethical issue.

  Affiliations and partnerships

Affiliations and partnerships are frequently used to reach a larger local audience? Which options stand to avail for the Hotel manager and what problems do these pose.

  Innovation-friendly regulations

What influence (if any) can organizations exercise to encourage ‘innovation-friendly' regulations?

  Effect of regional and corporate cultural issues

Present your findings as a group powerpoint with an audio file. In addition individually write up your own conclusions as to the effects of regional cultural issues on the corporate organisational culture of this multinational company as it conducts ..

  Structure of business plan

This assignment shows a structure of business plan. The task is to write a business plane about a Diet Shop.

  Identify the purposes of different types of organisations

Identify the purposes of different types of organisations.

  Entrepreneur case study for analysis

Entrepreneur Case Study for Analysis. Analyze Robin Wolaner's suitability to be an entrepreneur

  Forecasting and business analysis

This problem requires you to apply your cross-sectional analysis skills to a real cross-sectional data set with the goal of answering a specific research question.

  Educational instructional leadership

Prepare a major handout on the key principles of instructional leadership

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd