Outsourcing, Offshoring & vulnerabilities


I think outsourcing and offshoring should not be seen as threats in themselves but as sources of threats if these activities are not properly supervised. The ISO/IEC 27001 and 27002 standards provide the framework for these activities in terms of cyber security:

  • At the level of data and flow exchanges, through encryption.
  • At the access level, through the company's identity and access management, or by establishing a badge system that controls access to some areas of the company, for example for a contractor.

These activities must be framed in different ways to reduce the threats they may cause:

  • By carrying out a risk analysis before launching the project or mission, which will assess the level of risk of the activity and reduce these risks before starting the outsourcing.
  • Via contracts with providers.
  • Via the "cybersecurity assurance plan", often added to the starting note of the project, which contains all project-related security measures that will be put in place throughout the activity.
  • Via company security policies, which contain all the cyber security requirements for contractors, partners, consultants, etc.
  • It is also possible to audit one's suppliers.

So if you create a governance plan for outsourcing/offshoring management, you can easily decrease the number of vulnerabilities that will exist in this activity, or their threat level.


Author: Ju

An IT security auditor for several years, I made a successful career change after working for 12 years as a journalist. I am a certified ISO/IEC 27001 Lead Auditor (PECB) – ISLA1006895-2015-09. I sometimes give courses and talks, and I had two books published by a publisher… a very long time ago.
