Download pdf - Choosing a Service Delivery Model … · 2015-06-18 · Choosing a Service Delivery Model WEAKNESSES OPPORTUNITIES THREATS ffff In-house Procured Hybrid CESG Selectftheffffthatfffrganisatiofff

Transcript
Page 1: Choosing a Service Delivery Model … · 2015-06-18 · Choosing a Service Delivery Model WEAKNESSES OPPORTUNITIES THREATS ffff In-house Procured Hybrid CESG Selectftheffffthatfffrganisatiofff

Choosing a ServiceDelivery Model

WEA

KNES

SES

OPPO

RTUN

ITIES

THRE

ATS

STRE

NGTH

Sffff In-house Procured Hybrid

CESG

Selectingfthefservicefdeliveryfmodelfthatffitsfyourforganisationfandfdeliversfthefrequiredfbusinessfandfsecurityfoutcomesfisfcritical0fUseftheffollowingfSWOTfkstrengthsCfweaknessesCfopportunitiesCfthreatspfanalysisftofconsiderfthefadvantagesfandfdisadvantagesfoffthefthreefmostfcommonfmodels0ff

©fCrownfCopyrightf2515f

• In1housexresourcesxunderstandxthexbusinessxandxthexenvironment7 andxcanxmakexmorexbusinessxfocusedxriskxmanagementxdecisionsE• Organisationxhasxcompletexcontrolxofxallxrelevantxsecurityx

policies7xproceduresxandxprocessesE• Sensitivexoperationalxactivitiesxandxinformationxretainedx

withinxthexorganisationE

• Supplierxisxresponsiblexforxrecruiting7xtrainingxandxretainingxsecurityxspecialistsE• Asxaxdedicatedxsecurityxorganisation7xthexsupplierxisx

favourablyxpositionedxtoxhirexandxretainxskilledxresources7shouldxhavexhighxsecurityxstandardsxandxbexregularlyxauditedE• Thexsupplierxoffersxexpertxandxspecialistxservicesxasxaxcorex

businessE

• ThexsupplierxoffersxexpertxandxspecialistxsecurityxanalystxservicesxasxaxcorexbusinessE• Supplierxcanxprovidexcriticalxfriendx

andxknowledgextoxhelpxestablishxin1housexserviceE

• VisibilityxofxthexriskxlandscapexbeyondxthexboundariesxofxthexorganisationxcanxbexlimitedE• RecruitingxandxretainingxsecurityxspecialistsE• OngoingxxsecurityxspecialistxtrainingxcommitmentE• Withxlittlexorxnoxexperiencexofxoperatingxthisxtypexofx

service7xitxwillxtakexlongerxtoxestablishxaxservicexandxexposexthexorganisationxtoxincreasedxriskE

• Businessxinformationxandxmonitoringxdataxwillxbexheldxoff1sitexandxmanagedxbyxthexsupplier7xraisingxadditionalxrisksE• Maintainingxthexcontinuityxofxarchivedxrecordsxtoxmeetx

legalxorxregulatoryxrequirementsxwhenxaxcontractxisxterminatedE

• ThexneedxtoxrecruitxandxretainxsomexspecialistsE• ThexneedxforxsomexongoingxspecialistxtrainingE• Maintainingxthexcontinuityxofxarchivedxrecordsxtoxmeetxlegalx

orxregulatoryxrequirementsxwhenxaxcontractxisxterminatedE• Somexbusinessxinformationxandxmonitoringxdataxwillxbexheldx

off1sitexandxmanagedxbyxthexsupplier7xraisingxadditionalxrisksE

• MaximisexinvestmentxinxexistingxsecurityxproductsE• Reductionxorxredeploymentxofxsecurityxresourcesxforx

greaterxeffectE• Developmentxofxin1housexspecialistxsecurityxskillsE• Flexibilityxtoxchangexthexsecurityxoperationsxservicesxasx

required7xencouragingxaxmorexpro1activexandxdynamicxriskxmanagementxapproachE

• MorexinformedxriskxmanagementxcapabilityxasxthexsupplierxisxdevelopingxanalyticxsolutionsxtoxprotectxallxitsxcustomersEx• Thexsupplierxshouldxseexpatternsxdevelopingxacrossxtheirx

customerxset7xandxprovidexadvancexwarningsxofxattacksxallowingxdefencesxtoxbexputxinxplaceE• Thexsupplierxmayxhavexexistingx’)j7xcapability7xifxrequiredE• ThexsupplierxmayxprovidexmaturexincidentxresponsexprocessesE• Anyxdedicatedxsecurityxresearchxcapabilitiesxwithinxthexsupplierx

couldxbenefitxthexorganisationE

• RetentionxofxsensitivexoperationalxactivitiesxandxinformationxwithinxthexbusinessE• Flexibilityxtoxtailorxaspectsxofxthexservicextoxmeetxspecificxriskx

managementxneedsE• Nst levelxresponsexcouldxbexretainedxlocallyxwithxthexoptionx

toxrequestxsupportxfromxexternalxservicexprovidersE• Thexsupplierxshouldxseexpatternsxdevelopingxacrossxtheirx

customersxthatxcouldxprovidexadvancexwarningsxofxanxattackxandxallowxdefencesxtoxbexputxinxplaceE• Developmentxofxsomexin1housexspecialistxsecurityxskillsE

• In1housexsecurity analystsxmayxnotxseexwidexscalexattacksxdevelopingE• Easierxforxmaliciousxinsiderxtoxcolludexwithxin1housex

analystE• In1housexservicexcouldxbexswampedxbyxaxmajorxincidentE• LackxofxskilledxanalystxresourcesxinxthexmarketE• Thexamountxofxinformationxgeneratedxbyxthexmonitoringx

capabilityxcouldxfloodxthexorganisationE

• Thexsupplierxmayxbexresponsible forxnumerousxcustomersxandxmayxtimexslicexresourcesE• Thexfullxbusinessxrelevancexofxsecurityxeventsxmayxnotxbex

understoodE• Notxhavingxanxin1housexcapabilityxmayxgivexaxfalsexsensexofx

security7xandxaffectxthexorganisation’sxIAxcultureE• Thexsupplierxmayxonlyxofferxaxstandardisedxservicexwhichxmayx

notxdirectlyxsupportxthexorganisation’sxriskxmanagementxobjectivesE• Reducedxflexibilityxandxincreasedxrisk7xduextoxlongxleadxtimesx

toxdeliverxchangesxrequestedxbyxthexorganisationE

• Blurringxofxin1housexandxsupplierxresponsibilities7xpossiblyxleadingxtoxservicexdeliveryxconfusionxFespeciallyxinxthexareasxofxincidentxresponsexandxhandling2E• Thexsupplierxmayxbexresponsiblexforxaxnumberxofx

customersxandxmayxtimexslicexanalyticalxandxspecialistxresourcesE

Recommended

Choosing a Project Delivery Method
Choosing a Project Delivery Method Documents
Guidance to CESG Certification for IA Professionals v1€¦ · Guidance to CESG Certification for IA ... more senior the role, ... CESG Certification for IA Professionals
Guidance to CESG Certification for IA Professionals v1€¦ · Guidance to CESG Certification for IA ... more senior the role, ... CESG Certification for IA Professionals Documents
Choosing a Service Delivery Model … a... · Choosing a Service Delivery Model WEAKNESSES OPPORTUNITIES THREATS ffff In-house Procured Hybrid CESG Selectftheffffthatfffrganisatiofff
Choosing a Service Delivery Model … a... · Choosing a Service Delivery Model WEAKNESSES OPPORTUNITIES THREATS ffff In-house Procured Hybrid CESG Selectftheffffthatfffrganisatiofff Documents
CHOOSING THE RIGHT HR SERVICE DELIVERY TECHNOLOGY … · 2019-06-25 · Introduction - Modern HR Service Delivery for a Modern World Over the last five years, we have witnessed a
CHOOSING THE RIGHT HR SERVICE DELIVERY TECHNOLOGY … · 2019-06-25 · Introduction - Modern HR Service Delivery for a Modern World Over the last five years, we have witnessed a Documents
Download the 2020 CHOOSING THE RIGHT Media Pack ... · CHOOSING THE RIGHT CONNECTIVITY FOR DRUG DELIVERY AND MEDICAL PRODUCTS “The number and feature sets of connectivity technologies
Download the 2020 CHOOSING THE RIGHT Media Pack ... · CHOOSING THE RIGHT CONNECTIVITY FOR DRUG DELIVERY AND MEDICAL PRODUCTS “The number and feature sets of connectivity technologies Documents
A Report on Choosing an Online Homework Delivery System N. Leveille March 3, 2008 CMS Seminar
A Report on Choosing an Online Homework Delivery System N. Leveille March 3, 2008 CMS Seminar Documents
Computer Engineering and Systems Group - CESG
Computer Engineering and Systems Group - CESG Documents
SEA CESG SUMMARY
SEA CESG SUMMARY Documents
Improving the Delivery of Health Services...E-mail: feedback@worldbank.org Improving the Delivery of Health Services: A Guide to Choosing Strategies Peter Berman, Sarah Pallas, Amy
Improving the Delivery of Health Services...E-mail: [email protected] Improving the Delivery of Health Services: A Guide to Choosing Strategies Peter Berman, Sarah Pallas, Amy Documents
Communications-Electronics Security Group. Identifier Based PKC - Potential Applications Dr. Ian Levy CESG
Communications-Electronics Security Group. Identifier Based PKC - Potential Applications Dr. Ian Levy CESG Documents
GRAFOLOGÍA C.E.S. ESTUDIO DEL ÓVALO CAPITULO XIV CESG … · GRAFOLOGÍA C.E.S. ESTUDIO DEL ÓVALO CAPITULO XIV CESG 02 / 2016 info@educacion-ces.com.ar
GRAFOLOGÍA C.E.S. ESTUDIO DEL ÓVALO CAPITULO XIV CESG … · GRAFOLOGÍA C.E.S. ESTUDIO DEL ÓVALO CAPITULO XIV CESG 02 / 2016 [email protected] Documents
British Craftsmanship Relax - Microsoft · 2016-03-16 · Comfort is all about choosing the right size - with sup er fast delivery ZipSPEED delivery on 13 recliners ‘Tailored-to-Fit’
British Craftsmanship Relax - Microsoft · 2016-03-16 · Comfort is all about choosing the right size - with sup er fast delivery ZipSPEED delivery on 13 recliners ‘Tailored-to-Fit’ Documents
Space Link Services Area report to CESG
Space Link Services Area report to CESG Documents
Slides - Choosing Your e-Learning Development and Delivery Method
Slides - Choosing Your e-Learning Development and Delivery Method Education
Cloud Strategy - Choosing the right Service Delivery Model
Cloud Strategy - Choosing the right Service Delivery Model Technology
Guidance to CESG Certification for Cyber Security/IA ... · Guidance to CESG Certification for Cyber Security/IA Professionals . ... companion document, ... The cyber security/IA
Guidance to CESG Certification for Cyber Security/IA ... · Guidance to CESG Certification for Cyber Security/IA Professionals . ... companion document, ... The cyber security/IA Documents
Seminar_New -CESG
Seminar_New -CESG Documents
Choosing Delivery Software for a Digital Library Jody DeRidder Digital Library Center University of Tennessee
Choosing Delivery Software for a Digital Library Jody DeRidder Digital Library Center University of Tennessee Documents