文档介绍：本科毕业论文(设计)
外文翻译
原文:
Creating an effective security risk model for outsourcing decisions
BT has substantial experience of outsourcing and off-shoring, particularly to panies, and supplier engagement processes are well established . BT outsources information munications technologies (ICT) work to bination of strategic and tactical suppliers. mon contractual framework has been implemented for strategic partners since 2003 and this includes prehensive set of baseline security requirements that can be enhanced to appropriate levels, depending on the nature of the information assets concerned. BT has redefined offshore outsourcing from being a tactical means of reducing operational costs, into a strategic tool for business transformation. This has resulted in a significant increase in the outsourcing and offshoring of ICT development, maintenance, support and contact centre activities. At the same time, customers and stakeholders are ing aware of their increasing reliance on electronic information and the risks posed by not just malicious acts, but also accidental exposure.
Outsourcing and offshoring presents a plex picture for conducting security risk assessments and the es may have a major impact on operational and business decisions. BT has therefore reviewed its approaches to security risk management to ensure that outsourcing assessments are built into the new dynamic environment in which ICT programmes exist. This paper details the evolution of processes to meet these new needs. Specific models, tools and techniques have been developed to ensure that effective and timely engagement with stakeholders occurs, that risks and requirements are identified municated, and that risk mitigation and management strategies are implemented within pliance and governance frameworks. The approach used by BT is based on HMG’s Infosec Standard No 1: Residual Risk Assessment Method (IS1) .
Security issues and risks are likely to change when sourcing outside your anisation even if