When you outsource to India, where does your data go? Not where you think…



Contents

Analysis
When you outsource to India, where does your data go?
Pentagon panel checks privacy on war on terrorism
Cyber attacks on banks double for 2003
News In Brief

Corporate governance
Crime and punishment: corporate governance

Log correlation
The “Art” of log correlation: part 1

Video encryption
The epic movie battle

Forensic policy
The question of organizational forensic policy

Getting the Whole Picture
A FARES baseline analysis case study

Events

Many outsourced IT services are being subcontracted from Indian providers to countries such as Sudan, Iran and Bulgaria, which increases the security risk.

Risk management professionals are warning companies to stop and check that their service provider in India is actually performing contracted offshore services itself and not outsourcing further to other countries.

Some companies in India are faced with a labour shortage and lack of proper infrastructure to cope with the burst of business from the west. “They can’t deliver what they’ve signed up to deliver,” said Samir Kapuria, director of strategic solutions at security consultancy, @stake, “so they outsource to other countries where the cost is lower.”

Colin Dixon, project manager at the Information Security Forum (ISF), said many ISF members have reported this problem during an ongoing investigation by the elite security club into outsourcing risks.

“Contracts should contain a clause banning offshoring companies from further outsourcing without the client’s knowledge,” said Dixon.

Companies are being put in the awkward position of “relying on the Indian provider to perform due diligence on their subcontractors and you don’t know if they are able to do that,” he said.

The elongated outsourcing chain multiplies the risk. It “leads to a high degree of separation in the development of applications for example,” said Kapuria.

Compliance with corporate governance also gets more complicated as the responsibility lies with the company and not the provider. And adherence to regulations gets even harder to control if services are being outsourced twice.

Most ISF members have identified the issue and stopped it before signing a contract, said Dixon.

But Kapuria said that some of @stake’s clients didn’t find out about the double outsourcing until after the contract was signed.

Intrusion detection traffic coming from outside India alerted some banks that subcontracting was taking place, said Kapuria.

70% of blue-chip companies in the ISF are currently outsourcing.


Editor: Sarah Hilley

Editorial Advisors: Peter Stephenson, US; Silvano Ongetta, Italy; Paul Sanderson, UK; Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand; Charles Cresson Wood. Bill J. Caelli

Editorial Office:
Elsevier Advanced Technology, PO Box 150, Kidlington, Oxford OX5 1AS, UK
Tel: +44-(0)1865-843645
Fax: +44-(0)1865-843971
Email: [email protected]


Publishers of Network Security

Computers & Security Computer Fraud & Security

Computer Law & Security Report

Information Security Technical Report

June 2004

ISSN 1361-3723
