|
Outsourcing Information Security (Computer Security Series)
|
List Price:
$85.00
Homebizpc.com Price:
$68.00
Your Savings: $ 17.00 ( 20% )
Subject To Change Without Notice
Availability: Usually ships in 24 hours
Manufacturer: Artech House Publishers
|
Average Customer Rating:  
|
|
Binding: Hardcover
Dewey Decimal Number: 005.8
EAN: 9781580535311
ISBN: 1580535313
Label: Artech House Publishers
Manufacturer: Artech House Publishers
Number Of Items: 1
Number Of Pages: 266
Publication Date: 2004-09-30
Publisher: Artech House Publishers
Studio: Artech House Publishers
|
|
|
|
|
|
Editorial Reviews:
|
|
This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions. Moreover, it enables you to determine which information security functions should be performed by a third party, better manage third-party relationships, and ensure that any functions handed over to a third party meet good security standards. From discussions on the IT outsourcing marketplace and the pros and cons of the IT outsourcing decision process, to a look at IT and IS service provider relationships and trends affecting outsourcing, this essential reference provides insight into how organizations are addressing some of the more thorny issues of IT and security outsourcing.
|
|
|
Spotlight customer reviews:
|
Customer Rating: 
Summary: A bit thin on the security-specific aspects of outsourcing
Comment: For a book with the word 'information security' in the title, the author should have devoted more attention to the security-specific aspects of outsourcing.
Out of the nine chapters in the book, only three deal with information security:
Chapter 1 - Outsourcing and Information Security
Chapter 2 - Information Security Risks
Chapter 8 - Outsourcing Security Functions and Security Considerations When Outsourcing
The rest of the book deals with generic topics such as the advantages and disadvantages of outsourcing, the vendor selection and evaluation process, and how to determine whether outsourcing makes sense in the first place.
Much of the material consists of tables, listings and decision tree diagrams of the different scenarios that can arise during the outsourcing process. However, the discussion is too shallow and generic to be of much practical use.
For example, legal and regulatory matters are covered in a brief three-paragraph section in the chapter on the risks of outsourcing. With the proliferation of privacy laws and regulations, which vary widely from country to country (and even from state to state), compliance is a real concern for companies looking to outsource some of their data storage or data processing functions to foreign vendors. Much could be written on this subject, and a thorough explanation of its impact on the outsourcing arrangements would be useful for someone trying to navigate this minefield. Sadly, discussion at this level of detail is lacking in this book.
Nevertheless, there is enough basic advice here to make this a worthwhile read for anyone new to the world of security outsourcing.
Customer Rating:
Summary: OUTSOURCING INFORMATION SECURITY MAY POSE DIRE CONSEQUENCES FOR BUSINESS AND GOVERNMENT
Comment: Despite the widespread controversy surrounding the outsourcing of information security, organizations must understand and consider what costs and benefits are incurred and gained, respectively. Author C. Warren Axelrod has done an outstanding job of presenting the controversy surrounding the intersection of the two most dynamic, difficult, and controversial areas of information technology today, namely, outsourcing and security.
Axelrod begins this book by defining the scope of the treatment of the joint topics of outsourcing and security. Next, the author lays out the range of information security risk that are confronted daily, whether an activity is outsourced or not. Then, he looks at the risk of outsourcing. In addition, the author describes in detail the categories of costs and benefits. He also describes how the outsourcing costs and benefits relate to the Request for Information (RFI) and Request for Proposal (RFP) processes. Then, he looks at the outsourcing evaluation process that takes place once the information has been collected and sorted. The author then delves into the specific security considerations that affect the outsourcing decision and how they should be handled. Finally, he summarizes the full flow of the outsourcing evaluation and decision processes.
With the preceding in mind, the author has done an excellent job of presenting how outsourcing opportunities have become a continuous process as new services become available, new services of those services appear, and business takes on more of a global aspect. At the end of the day, it behooves a nimble organization in a competitive market to keep its outsourcing options open and its ability to evaluate choices finely tuned..
Customer Rating:
Summary: A Must Read!
Comment: This book provides a great overview of the issues surrounding the decision to outsource information security and also gets into specific issues and recommendations chapter by chapter. Outsourcing Information Security is written clearly and concisely; making it easy to read given the depth and sophistication of the subject matter covered.
The author is truly an expert and shares important anecdotes from his own experiences that all can learn from. This is not a sugar-coated diatribe about the bliss of outsourcing, nor is it a condemnation of companies that use these strategies. This work gets to the heart of the matter from a balanced and measured point of view; leaving the reader to decide for him or herself, if they should consider outsourcing information security.
I would highly recommend this book for anyone who is interested in this subject and is responsible for making key technology decisions on behalf of their organizations.
Customer Rating:
Summary: At Least It Explains the Problem
Comment: There are a bunch of reasons to outsource information security. You can get specialists who have a broader range of experience than your own company. You can get an outside view of everything from how to read the various logs your system puts out to what anti-virus program to install. There may be a cost savings to have someone else be monitoring your systems along with several other companies at the same time.
There are a bunch of reasons that you don't want to outsource information security. When it hits the fan, you are still the one responsible (especially so now with Sarbanes-Oxley in force, the real rules of which we still do not understand and won't until it's been to court a few times). You have more control over your own people, and you can much more carefully monitor them. This is especially true if the outside company has reduced its cost by establishing the monitoring center in some place like India. You can much more easily check to see if your new employee has just come from a few years vacation in Marion, Illinois.
It would be interesting to see how outsourcing information security would be treated by upper management. It's a cinch that they wouldn't understand enough to make a valid decision. You have to make the decision yourself, and unfortunately then you have to live with it.
This book is just about the only one on this subject. The author reports on some good situations, and some that didn't turn out so well. If this is a decision you have to make, here's at least a good start.
Customer Rating:
Summary: At Least It Explains the Problem
Comment: There are a bunch of reasons to outsource information security. You can get specialists who have a broader range of experience than your own company. You can get an outside view of everything from how to read the various logs your system puts out to what anti-virus program to install. There may be a cost savings to have someone else be monitoring your systems along with several other companies at the same time.
There are a bunch of reasons that you don't want to outsource information security. When it hits the fan, you are still the one responsible (especially so now with Sarbanes-Oxley in force, the real rules of which we still do not understand and won't until it's been to court a few times). You have more control over your own people, and you can much more carefully monitor them. This is especially true if the outside company has reduced its cost by establishing the monitoring center in some place like India. You can much more easily check to see if your new employee has just come from a few years vacation in Marion, Illinois.
It would be interesting to see how outsourcing information security would be treated by upper management. It's a cinch that they wouldn't understand enough to make a valid decision. You have to make the decision yourself, and unfortunately then you have to live with it.
This book is just about the only one on this subject. The author reports on some good situations, and some that didn't turn out so well. If this is a decision you have to make, here's at least a good start.
|
|
|
|
|
|
|
|
