Moreover, it enables you to determine which information security functions should be performed by a third party, better manage third-party relationships, and ensure that any functions handed over to a third party meet good security standards. From discussions on the IT outsourcing marketplace and the pros and cons of the IT outsourcing decision process, to a look at IT and IS service provider relationships and trends affecting outsourcing, this essential reference provides insight into how organizations are addressing some of the more thorny issues of IT and security outsourcing.

Contents:

Foreword.

Preface - The Time Was Right. The Intent of the Book. Acknowledgements.

Outsourcing and Information Security - First - Some Definitions. Second - A Clarification. Y2K as a Turning Point. The Post Y2K Outsourcing Speed Bump. Shaky Managed Security Services Providers. A Prognosis. The Information Security Market.

Information Security Risks - Threats. Vulnerabilities. Summary.

Justifying Outsourcing - Professed Reasons to Outsource. The Basis for Decision. Reasons for Considering Outsourcing. Summary.

Risks of Outsourcing - Loss of Control. Viability of Service Providers. Relative Size of Customer. Quality of Service. The Issue of Trust. Performance of Applications and Services. Lack of Expertise. "Hidden" and Uncertain Costs. Limited or No Customization and Enhancements. Knowledge Transfer. Shared Environments. Legal and Regulatory Matters. Summary and Conclusion.

Categorizing Costs and Benefits - Structured, Unbiased Analysis ¾ The Ideal. Costs and Benefits.

Costs and Benefits Throughout the Evaluation Process - Triggering the Process. Different Strokes. Analysis of Costs and Benefits. Costs to the Customer. Costs to the Service Providers. Benefits to the Customer. Benefits to the Service Providers. Refining the Statement of Work. Service Level Agreement. Implementation. Transition Phase. Transferring form In-House to Out-of-House. Monitoring, Reporting and Review. Dispute Resolution. Incident Response, Recovery and Testing. Extrication. Conclusion.

The Outsourcing Evaluation Process - Customer and Outsourcer Requirements--Including All Costs. Structure of the Chapter. The Gathering of Requirements. Business Requirements. Viability of the Service Provider. Marketplace and Busyness Prospects. Technology Requirements.

Outsourcing Security Functions and Security Considerations when Outsourcing - Security Management Practices. Asset Classification and Control. Information Security Policy. Access Control and Identity Protection. Application and System Development. Operations Security and Operational Risk. Security Models and Architecture. Physical and Environmental Security. Telecommunications and Network Security. Cryptography. Disaster Recovery and Business Continuity. Law, Investigations, Ethics. Summary.

Summary of the Outsourcing Process ¾ Soup to Nuts.

Appendix A - Candidate Security Services for Outsourcing.

Appendix B - A Brief History of IT Outsourcing.

Appendix C - A Brief History of Information Security.

Selected Bibliography. Index.

C. Warren Axelrod is a director of Pershing LLC, a BNY Securities Group Co., where he is responsible for global information security. He has been a senior information technology manager on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.