Outsourcing can be expensive and carries multiple risks. In this paper I will identify the possible risks to an organization in each of the following outsourcing situations:
▪ External service provider for data storage
▪ Enterprise service provider for processing information systems applications such as payroll, human resources, or sales order taking
▪ Use of a vendor to support your desktop computers
▪ Use of a vendor to provide network support.
I will also elaborate on a risk mitigation strategy. Outsourcing has risks, and the information security team should ensure that the disaster recovery requirements of the outsourcing contract are sufficient and have been met before the contract is signed, because otherwise the consequences can be disagreeable. Finally, I will discuss two major issues of concern for the organization in an outsourcing project: time and money.
Developing new information systems is a requirement that all facilities must undergo in order to compete with global companies. A project risk management process is a significant approach to identifying and analyzing project risk and developing strategies for responding to it proficiently and successfully. The risk management process has certain significant goals to achieve:
1. To provide information to monitor
4. Plan how to address multiple risks.
Organizations are increasingly sharing responsibilities in order to make the most of technological advances in communication. Information systems and network integration are becoming so complicated that organizations find it hard to choose outsourcing on the cost factor unless management is prepared to put safe practices in place for any risk that may arise. One major risk organizations encounter is the challenge of outsourcing the facility's information. The security concerns are warranted, because the aim is to prevent extortion, sabotage, or acts of information extortion. Medical facilities are requesting the outsourcing of medical information for the event of disaster recovery, but cost is also a major concern. Procuring outsourcing services, including contract management, is expensive. Organizations are now pressed to restructure their information systems to improve the efficiency of retaining information in the event of a disaster.
Disasters have become frequent in numerous countries and cities around the globe, and the devastation destroys everything in its path. Computer crime is on the rise, and cyber-attacks threaten most organizations' information systems. One solution is to outsource the information to a vendor service as an alternative to insourcing it at a high cost, no matter how one perceives the circumstances and consequences. The disruption of computer systems is one cause of information warfare victimizing individuals, organizations, and government, which makes mitigating risk increasingly important.
“Mitigation is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. This approach includes three types of plans: the incident response plan (IRP), the disaster recovery plan (DRP), and the business continuity plan (BCP). Each of these plans depends on the ability to detect and respond to an attack as quickly as possible and relies on the existence and quality of the other plans” (Whitman, Mattord, 2005, p. 142, p. 1). When an organization decides to outsource, it enters a contractual arrangement for the vendor to perform some or all of its functions (Cooper, Grey, Geoffrey, 2005). Companies choosing to optimize information systems should focus on reduction of cost and improvement of services.
External Service Provider for Data Storage...