Outsourcing, Offshoring & vulnerabilities


I think outsourcing and offshoring should not be seen as threats but as sources of threats if these activities are not properly supervised. The ISO/IEC 27001 and 27002 standards provide the framework for these activities in terms of cyber security:

  • At the level of data and flow exchanges, through encryption.
  • At the access level, with the company's identity, through access management or the establishment of a badge system to access some areas of the company, for example for a contractor.

These activities must be framed in different ways to reduce the threats they may cause:

  • By carrying out a risk analysis before launching the project or mission, which assesses the level of risk of the activity and reduces these risks before the outsourcing starts.
  • Via contracts with providers.
  • Via the "cybersecurity assurance plan", often added to the starting note of the project, which contains all project-related security measures that will be put in place throughout the activity.
  • Via company security policies, which contain all the cyber security requirements for contractors, partners, consultants, etc.
  • It is also possible to audit one's suppliers.

So if you create a governance plan for outsourcing/offshoring management, you can easily decrease the number of vulnerabilities that will exist in this activity, or their threat level.
