Outsourcing Policy

« Back to DataSecurityPolicies.com

Archive for the 'Outsourcing Policy' Category

Outsourcing Policy

I wrote a generic outsourcing policy for a presentation I’m giving on outsourcing security services.

Here’s the general outline:

Purpose
Scope/Applicability
Policy Statement
- Board and Management Responsibility
- Risk Mitigation Strategies: Outsourcing Team
- Business Case
- Due Diligence
- Business Continuity Management (BCM)
- Contractual Agreements
- Management and Control of the Outsourcing Relationship
- Offshoring
- Final Approval

Here’s an excerpt:

1.0 Purpose

The purpose of this policy is to establish the requirements for identifying, justifying, and implementing outsourcing arrangements for any Organization XYZ function.

2.0 Scope

This policy applies to all workforce members within Organization XYZ. It must be followed whenever Organization XYZ functions are outsourced.

3.0 Policy

To conduct operations as effectively and efficiently as possible, Organization XYZ may find it advantageous to outsource (use outside contractors for) certain functions. To ensure compliance with security objectives, these requirements must be followed:

You can download a copy of the policy here: Outsourcing Policy

November 13th, 2007 | Posted in Outsourcing Policy, Security Policies | 1 Comment

Recent Data Breaches

Have Laptop, Will Travel (But Without Data) (Business Wire via Yahoo! Finance)

Posted 4 hours ago

SANTA BARBARA, Calif.----Holiday travelers beware: Laptop theft is on the increase and thousands of Americans may be vulnerable to loss – not only of their laptops, but also of the critical information they contain. [Link]

Prevent Data Breaches by Protecting Valuable Work Information (Carteret County News-Times)

Posted 5 hours ago

(ARA) - Recent news headlines are causing concern for many Americans as company data breaches are on the rise. [Link]

Data Leakage Worldwide: Part 3 -- The Insider Threat (Marketwire via Yahoo! Finance)

Posted 6 hours ago

Part 3: Highlights/Key Facts: November 20, 2008 [Link]

Prevent Data Breaches by Protecting Valuable Work Information (Carteret County News-Times)

Posted 8 hours ago

(ARA) - Recent news headlines are causing concern for many Americans as company data breaches are on the rise. [Link]

Five Essential Computer Forensics Tools (Enterprise IT Planet)

Posted 24 hours ago

Cost-effective tools that determine if your systems are under attack, leaking sensitive data or both. [Link]

A bit of common sense: - Editorial (The Weber State University Signpost)

Posted 24 hours ago

First off, what is TSA? The Transportation Security Administration, aka guys that rifle through your Nintendo DS games and give you a hard time about your toothpaste at the airport, is a division of Homeland Security created after 9/11 and "is responsible for security of the nation's transportation systems." [Link]

FBI Issues Travel Tips For Wi-Fi Users (WDHN Dothan)

Posted 25 hours ago

Washington, DC) -- Thousands of Americans could be putting their personal and financial security at risk during the holiday season. [Link]

CREDANT and Safend Forge Strategic Partnership to Protect Enterprise Data (Marketwire via Yahoo! Finance)

Posted 29 hours ago

CREDANT Technologies, the market leader in data protection solutions, and Safend, a leading provider of enterprise endpoint Data Leakage Prevention solutions, today announced a partnership that will provide CREDANT customers with an unprecedented level of protection for their sensitive data. [Link]

Economic Bust, Cybercrime Boom (Forbes)

Posted 33 hours ago

Tough times boost the Internet's criminal markets--and buoy spending on IT security. [Link]

Opposition trafficking in data leaked, stolen from government departments (Times of Malta)

Posted 34 hours ago

The government is investing heavily in the generation and distribution of electricity - Gatt. Infrastructure, Transport and Communications Minister Austin Gatt yesterday accused the opposition of daily trafficking in data leaked and stolen from government departments. [Link]

Economic Bust, Cybercrime Boom (Forbes)

Posted 37 hours ago

Tough times boost the Internet's criminal markets--and buoy spending on IT security. [Link]

NYPD Opens New Counterterrorism Nerve Center (Officer.com)

Posted 38 hours ago

The project will rely largely on 3,000 closed-circuit security cameras covering roughly 1.7 square miles in and around the financial district. [Link]

Lower Manhattan Security Initiative Launched (WCBS-TV New York)

Posted 43 hours ago

The setting could pass for a high-tech trading floor: Men in dark suits sitting at tiered banks of desks, studying a steady stream of video and data on floor-to-ceiling monitors. The initiative will rely largely on 3,000 closed-circuit security cameras carpeting the roughly 1.7 square miles south of Canal Street. So far, about 150 cameras are in place, with another ... [Link]

NYPD Opens New Counterterrorism Nerve Center (Officer.com)

Posted 45 hours ago

The project will rely largely on 3,000 closed-circuit security cameras covering roughly 1.7 square miles in and around the financial district. [Link]

Lower Manhattan Security Initiative Launched (WCBS-TV New York)

Posted 46 hours ago

NYPD opens new counterterrorism nerve center (The State)

Posted 46 hours ago

The setting could pass for a high-tech trading floor: men in dark suits, sitting at tiered banks of desks, studying a steady stream of video and data on floor-to-ceiling monitors. But the front doors to the 28th-floor office near Wall Street are unmarked, and the men aren't fixated on stock market fluctuations. The stakes in their line of business, they ... [Link]

Lower Manhattan security initiative launched (AP via Yahoo! Finance)

Posted 47 hours ago

The setting could pass for a high-tech trading floor: Men in dark suits sitting at tiered banks of desks, studying a steady stream of video and data on floor-to-ceiling monitors. [Link]

Personal data of Gilbert residents found in model home (12 News Phoenix)

Posted 2 days ago

Boxes containing loan applications, Social Security numbers and bank account information for residents of a Gilbert neighborhood were discovered in a ransacked model home abandoned by a bankrupt developer. [Link]

Personal data of Gilbert residents found in model home (The Arizona Republic)

Posted 2 days ago

Information discovered in boxes in garage of a ransacked house in Higley Park. [Link]

DHHS tightening laptop security (The News & Observer)

Posted 2 days ago

Top administrators at the state Department of Health and Human Services say laptops must be loaded with encryption software by Thursday. [Link]

About the RSS Aggregator

Security News Feed

Mozilla to end support for Firefox 2

Posted 2 days ago

Stability and security releases for the browser will end next month, despite ongoing problems with Firefox 3 The Mozilla Foundation is planning to end support for the Firefox 2 browser in mid-December, despite the persistence of significant flaws in the most-recent version of the popular browser. ... [Link]

Net bombarded by heaviest ever attacks this year

Posted 8 days ago

Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault. Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault. IP networks were... [Link]

Schneier slams US border biometrics

Posted 16 days ago

The Department of Homeland Security has disputed Bruce Schneier's claim that the US-Visit program has had no impact on reducing criminal and terrorist threats. Security expert and BT chief security-technology officer Bruce Schneier has attacked the US-Visit border-biometrics program, saying it has had "zero benefit" in terms of security.... [Link]

Cloud-computing zombies for $299 per month

Posted 17 days ago

RSA says cloud-computing crimeware means networks of zombie machines can be hired to steal online-banking details for as little as $299 a month. Cloud-computing crimeware means networks of zombie machines can be hired to steal online-banking details for as little as $299 (£185) per month.... [Link]

How hackers were thwarted at the Beijing Olympics

Posted 20 days ago

Atos Origin explains how risk-management tech helped to prioritize the real risks hidden within. The security team behind the Beijing 2008 Olympic Games has revealed how it found the real risks hidden within the millions of alerts received every day. Faced with 12 million alerts per... [Link]

Cyberattacks target UK national infrastructure

Posted 3 weeks ago

Companies that play a key role in the Britain's national infrastructure are facing sustained cyber-espionage attacks, says a UK cyber-defense chief. Sustained cyber-espionage attacks are being waged on companies that play a key role in the Britain's national infrastructure, a UK cyber-defense chief has warned.... [Link]

Microsoft warns of financial crisis email scams

Posted 3 weeks ago

A Microsoft security expert warns that scammers will try to exploit the global financial crisis with e-mails that promise money but deliver fraud. LONDON--Internet fraudsters will try to exploit the global financial crisis by sending fraudulent emails purporting to offer cash-strapped consumers new mortgages, loans or money from failed... [Link]

The 'real' cost of application outages

Posted 3 weeks ago

Application downtime, whether you're measuring intermittent availability or fully downed systems, is too costly to ignore. The best way to avoid trouble is to view the infrastructure through the eyes of your transactions says OpTier's Motti Tal. Application downtime, whether you're measuring intermittent... [Link]

Symantec to identify safe software by 'reputation'

Posted 4 weeks ago

The company's tech will judge whether an app is unsafe by looking at where it can be found across the database of Symantec users and categorizing those machines as safe or otherwise. Symantec will soon introduce a "reputation-based" software-rating technology that it has claimed can accurately differentiate malicious malware... [Link]

EU concerned by airport full-body scanners

Posted 4 weeks ago

European lawmakers called Airport full-body scanners that show people's private parts a virtual strip search and voted for a detailed study of the technology. STRASBOURG, France--Airport full-body scanners that show people's private parts are a virtual strip search, European Union lawmakers said Thursday, calling for detailed study of the... [Link]

Red Hat CEO: Vista marks end of 'planned software'

Posted 4 weeks ago

Jim Whitehurst has claimed the proprietary software-development model is coming to an end, as open source better meets customer needs Big software releases like Windows Vista mark the end of "planned software" for the industry, according to Red Hat chief executive Jim Whitehurst. Speaking at a... [Link]

Step-on scanner lets air passengers keep shoes on

Posted 5 weeks ago

Magshoe has introduced a step-on scanner that spares airline travelers the nuisance of having to remove their shoes so they can be X-rayed for hidden weapons. LOD, Israel--Israel has introduced a step-on scanner that spares airline travelers the nuisance of having to remove their shoes so they can be... [Link]

Dell speeds backup with disk-to-disk system

Posted 6 weeks ago

The PowerVault DL2000 will simplify and accelerate data backup by offering disk storage and backup in one unit, Dell says. Dell has introduced the Dell PowerVault DL2000, a disk-to-disk system that places backup and recovery alongside the main data storage within one unit, with the aim of... [Link]

CIOs not taking a shine to Chrome

Posted 7 weeks ago

Most members of a silicon.com CIO jury say they're not even testing Google's Chrome--choosing to stay with Microsoft's Internet Explorer. In silicon.com's latest exclusive CIO Jury poll, the respondents revealed they were still steering clear of the application, with 10 out of 12 saying their IT teams are not... [Link]

Full encryption stops Amazon Web video leak: Adobe

Posted 7 weeks ago

Amazon.com has fixed a glitch in its video streaming service by adopting Adobe Systems encryption on all television shows and movies found on its site, software maker Adobe said. SEATTLE--Amazon.com has fixed a glitch in its video streaming service by adopting Adobe Systems encryption on all television shows and... [Link]

Hole in Adobe software allows free movie downloads

Posted 7 weeks ago

A security hole in Adobe Systems' software is giving users free access to record and copy from Amazon.com's video streaming service. NEW YORK--A security hole in Adobe Systems' software, used to distribute movies and TV shows over the Internet, is giving users free access to record and copy from... [Link]

What the credit crunch means for IT

Posted 9 weeks ago

The credit crunch has dominated the front pages in 2008, and claimed a number of high-profile scalps, such as that of the 158-year-old Lehman Brothers bank. As job losses mount, and with HP announcing it will lay off tens of thousands of workers following its purchase of EDS, here's... [Link]

Leaked Homeland Security doc warns of data threats

Posted 9 weeks ago

A memo from the US Department of Homeland Security has recommended that corporate and government leaders do not travel with mobile equipment carrying sensitive information. A document emphasizing mobile-data security threats has appeared online after being leaked from the US Department of Homeland Security. The... [Link]

Call off the dogs--authentication solution already in enterprise-class PCs

Posted 9 weeks ago

The answer to many of our security problems could be found in chips that are used to store credentials and user certificates says Wave Systems CEO Steven Sprague. Commentary--While static passwords are still the most widely employed type of user authentication credential today, they are fast losing... [Link]

Google bows to keystroke privacy concerns

Posted 10 weeks ago

To quell privacy fears, Google says IP addresses and other data stored through use of Google Suggest will be rendered anonymous within a day. See all ZDNet Chrome coverage. Google says it will anonymize user data received through search requests entered in the company's search engine... [Link]

About the RSS Aggregator


First Name:
Email:

Archive for the 'Outsourcing Policy' Category

Get the BEST security policies reference book!

Recent Data Breaches

Archives

Categories

Information Security

Links

Security Policies

Security News Feed