Outsourcing, Offshoring & vulnerabilities


I think outsourcing and offshoring should not be seen as threats but as sources of threats if these activities are not properly supervised. The ISO/IEC 27001 and 27002 standards provide the framework for these activities in terms of cyber security:

  • At the level of data and flow exchanges, through encryption.
  • At the access level, through the company's identity and access management, or by establishing a badge system for access to certain areas of the company, for example for a contractor.

These activities must be framed in different ways to reduce the threats they may cause:

  • By carrying out a risk analysis before launching the project or mission, to assess the activity's level of risk and reduce those risks before the outsourcing starts.
  • Via contracts with providers.
  • Via the "cybersecurity assurance plan", often added to the starting note of the project, which contains all the project-related security measures that are to be put in place throughout the activity.
  • Via company security policies, which contain all the cyber security requirements for contractors, partners, consultants, etc.
  • It is also possible to audit one's suppliers.

So if you create a governance plan for outsourcing/offshoring management, you can easily reduce the number of vulnerabilities that will exist in this activity, or their threat level.


Author: Ju

An IT security manager, I have worked in the field for several years, after a successful career change following 12 years in journalism. I love research. I am a certified ISO/IEC 27001 Lead Auditor (PECB) – ISLA1006895-2015-09. Sometimes I give courses and talks, and I had two books published by a publisher… a very long time ago.
