Outsourcing and Data Security

Outsourcing is give advantage to the company focusing to their core business. Most of function that outsourced is supporting functions. However there are a lot of core functions that sent for outsourcing right now. Call center for the example, or data processing. Since the activity is sometimes very large and need a lot of person, so the best to manage this function is using outsourcing.

The outsourcing term also used in many other functions from cleaning service to auditing. Here’s some explanation from Jason Albanese and Wes Sonnenreich in his book about Network Security about the critical issue in outsourcing and data security

Imagine a group of criminals physically walking into your office and walking out with permanent access to the entire corporate network. You might think this is impossible. You'd be wrong.

Professional criminals do their homework. They will extensively research your company before they ever set foot on your property. They'll observe people coming and going for a while, looking for opportunities. By calling secretaries and human resources, they can learn key employees' names and office locations. They might even sift through the trash for useful information.

In most large companies, unfamiliar faces are always roaming the halls. Perhaps it's a group of repairmen or maybe it's the management consultants. As long as somebody is dressed appropriately and seems to know what he or she doing, nobody asks any questions.

A criminal can usually obtain all the access he needs just by successfully impersonating a temporary worker. For example, suppose a group of electricians has been working in your office for a week. The next week, a new guy comes in to do a final checkover. He's got the right uniform, knows the name of all the people involved, and knows exactly where to look, but he's not really an electrician. As long as he gets through the front door, he can get at your wiring closets, which means he can install a tap onto your network. Of course, you usually assume your outsource providers are trustworthy.

But what if they're not? What if the intruder in this example really did work for the electricians and really was part of the project? Let's face it: Few companies can afford to run a background check on every janitor, electrician, and telephone repairperson. Yet when you think about it, who's in a better position to obtain sensitive information without looking suspicious? The truth is that anyone working within your office environment has the capacity to compromise your security.

Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Propeller
  • Reddit
  • Magnoliacom
  • Newsvine
  • Furl
  • Facebook
  • Google
  • Yahoo
  • Technorati
  • Icerocket

Trackback URL for this post:

http://www.securityprocedure.com/trackback/123

SecurityProcedure.com | Information System Auditing Resources

Submitted by contact center (not verified) on Tue, 09/18/2012 - 19:51.

As the admin of this website іѕ working, no quеstіon vеrу гaρіԁly it wіll be
ωell-knoωn, due to its featuгe сontents.

User login

Who's online

There are currently 0 users and 13 guests online.