Bill Lisse, CISSP, CISA, CGEIT, PMP, G7799 Corporate Information Security Officer 1/19/2011 Managing Security in Outsourced Information Technologies
Overview
Risk is always involved when third-party entities are given access to sensitive customer data, privileged business operation details, or intellectual property vulnerable to public or competitor disclosure.
Shifting Sands
Shifting Sands
Information technology outsourcing has grown in popularity as an efficient, cost-effective, and expert solution designed to meet the demands of systems implementation, maintenance, security, and operations.
Planning
Planning is the most critical phase of IT contract management – information security should be built into the contract at its inception.
Planning
Planning
Planning
Key issues can range from requiring the vendor to maintain specified levels of security through employee awareness training and contractual obligations to company indemnification by the vendor for any breaches.
Planning
Source Selection and Award
Contract Administration
Contract Termination
Don’t neglect contract termination; residuals and loose ends are real security risks.
Conclusion
Security For Outsourced IT Contracts
