Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 6 - Outsourcing Outsourcing. © Robert G Parker – UW-CISA 2010 Dealing with issues when a portion or all of the provision of technology services is performed.

Published byArnold Gervais McCoy Modified over 9 years ago

Similar presentations

Presentation on theme: "1 6 - Outsourcing Outsourcing. © Robert G Parker – UW-CISA 2010 Dealing with issues when a portion or all of the provision of technology services is performed."— Presentation transcript:

1 1 6 - Outsourcing Outsourcing

2 © Robert G Parker – UW-CISA 2010 Dealing with issues when a portion or all of the provision of technology services is performed outside of the entity’s normal service delivery envelope. Loss of control (Priority, timing, effort, changing deadlines, etc.) Additional security risks (Lack of understating of outsourcer’s security procedures, lack of knowledge of their consistent application) Concern over the inadequacy of IT governance procedures (Within the organization and at the outsourcer) Contract terms and service level agreements are not consistently met (Poor/inadequate contract management, lack of contract metrics and lack of timely reporting) Re-outsourcing of services to another third party (Concern despite contractual agreements, use of cloud computing by outsourcer, etc.) S-2 Outsourcing

3 © Robert G Parker – UW-CISA 2010 Renaissance in USA Industrial manufacturing by 2015 2015-China only 10% to 15% Cheaper than the USA 2010 – Caterpillar opening 600,000 sq-ft. manufacturing facility in Texas Manufacturing Costs S-3 Outsourcing

4 Emerging Economies Source-Canwest Times Colonist- May 28, 2008 Transportation Costs Outsourcing

5 © Robert G Parker – UW-CISA 2010 Outsourcing Outsourcing Risks UCSF outsourced the processing of its medical transcripts to a U.S.-based company that outsourced the records to yet another company in the U.S. The second outsourcing company, in turn, sent the transcripts to a company in Pakistan for processing. A Pakistani data entry clerk attempted to extort money from the University of California at San Francisco’s (UCSF) Medical Center. The Pakistani clerk was having trouble getting paid for her work, so she directly contacted the University, attached some of the medical data she had as proof, and demanded payment, threatening that she would post all of the medical records on the Internet if she did not receive the money. The UCSF Medical Center asserted it was not even aware that sensitive medical records were processed offshore. S-5

6 © Robert G Parker – UW-CISA 2010 6 - Outsourcing Increasing labour rates in Asia Increasing transportation rates between North America and Asia Security concerns over intellectual property Lack of ‘hands-on’ control Language and cultural differences Regulating laws Cultural differences Business Risks S-6

7 © Robert G Parker – UW-CISA 2010 6 - Outsourcing Implement more sophisticated automated manufacturing processes in North America Reduce transportation volume between North America and Asia Increase use of lockable/destructable software code vs. mechanical controls to protect intellectual property Repatriate ‘hands-on’ control (Your people in their land) Implement two way cultural training Establish all laws to be in country exporting the work or technology Outsourcing Risk Management S-7

8 8 7 - Public Trust Public Trust

9 © Robert G Parker – UW-CISA 2010 7 - Public Trust Technology Appears to Present a Threat to Society Hackers, Security Breaches, Identity Theft, Viruses, Worms, etc. Concerns Over Data Theft, Confidentiality of Personal Information Concerns over Identity Management, Credit Card Fraud and Unauthorized Access or Sharing of Information With warnings about viruses, worms, Trojan horses, phishing, identity theft, hackers, and an ever increasing prevalence of malware, users of Information Technology have expressed legitimate concerns. With the business need to reduce costs, technology provides an enticing opportunity for eBilling, payments, distribution of newsletters, product information, and any number of product support scenarios. Users want assurance that their information is safe and that they are dealing with a legitimate business S-9

10 10 Public Trust The Attacks Increase

11 11 Public Trust The Attacks Increase 77 Million User Accounts

12 12 Public Trust Canada Is Not In An Enviable Position

13 13 Public Trust Information security management was reported to be third on ISACA's 2011 Survey of Top Business/Technology Issues. The survey attributed the finding to a combination of high profile breaches and the large investment in security technologies. Most significant issue were the unknown security threats or those security threats that are not fully assessed. Other issues in order of ranking, that likely contribute to the a lack of public trust include: Information security controls are not regularly assessed for performance and effectiveness. Top management is not involved "in setting direction and objectives for information security ". “Lack of enterprise-wide information security awareness and training ". Perception that security is owned by Technology. Lack of integration of information security into the culture of the organization.

14 14 IT Governance Business Reaction Public Trust Risk Management Lack of enterprise wide training and awareness of The risks Lack of enterprise level ownership of the risk Lack of ownership, accountability and responsibility Lack of a security culture 319% should be a wake up call to businesses and professionals Cyber risks must be taken seriously Increased senior management involvement is security and the security message Initiation of an enterprise-wide security program C-suite responsibility and direction for the security program

Download ppt "1 6 - Outsourcing Outsourcing. © Robert G Parker – UW-CISA 2010 Dealing with issues when a portion or all of the provision of technology services is performed."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
CYBER & Product Liability & Professional Indemnity

CYBER & Product Liability & Professional Indemnity
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
1 8 - Management and Operation of Technology Infrastructure Management and Operation of Technology Infrastructure.

1 8 - Management and Operation of Technology Infrastructure Management and Operation of Technology Infrastructure.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.

 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
OVERVIEW OF COMPUTER CRIME LEGISLATION IN HAWAII

OVERVIEW OF COMPUTER CRIME LEGISLATION IN HAWAII
IT Outsourcing Andy Darnell Jennifer Lawrence Jessica Pruitt.

IT Outsourcing Andy Darnell Jennifer Lawrence Jessica Pruitt.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.
© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

Similar presentations

Ads by Google