It can be difficult to know where to begin. Kip describes a method for selecting which cybersecurity tasks to outsource.
- [Presenter] It can be difficult to know which task makes a good candidate for outsourcing. My rule of thumb is to keep the work that is core to your business in the hands of employees. That leaves a lot of other tasks that could be outsourced. Let's see how you can find them. There are three categories of tasks into which you can sort the work. Core tasks require higher quality decisions than outsourcers can provide. Typically the decision maker needs an in-depth understanding of how the business makes money. They must also have strong working relationships with other decision makers across the company. Here are two examples of how core tasks help the business take smart cyber risks. Chairing the Information Security Steering Committee, which makes policy decisions for the entire organization, and supporting the renewal of your annual cybersecurity insurance policy which sets the types and amounts of coverage. The second category is strategic outsource. These are cybersecurity tasks that contain a lot of research or analysis that does not require strong internal relationships or an in-depth understanding of how the business makes money, but the actual decision does. With these tasks your employees are assisted by outside experts who do the majority of the detailed work. Here are two examples of how strategic outsourced tasks help boost the productivity of the cybersecurity team. Assessing the effectiveness of your firewalls and performing digital forensics in support of incident management. Finally there are commodity outsourced tasks. With these tasks outsiders do nearly all of the work under direct oversight of your employees, and with this category of tasks, the outsource team makes the majority of the decisions by following rules and guidelines provided by you in advance. Here are two examples of commodity outsourced tasks. Resetting passwords, which is risky work, but does not require specialized knowledge of your internal organization, and performing 24 by seven network security monitoring.
- Benefits of outsourcing
- Examples of work to outsource
- Reasons to outsource cybersecurity
- Preparing to outsource cybersecurity
- Managing outsourced work vs. managing staff
- Risks of outsourcing cybersecurity
- Document requirements
- Selecting a vendor
- Managing a vendor