Advantages And Disadvantages Of Security Outsourcing

746 Words3 Pages
1. Explain some advantages and disadvantages of security outsourcing. In your own opinion explain your thoughts on which option is better and why.
Security outsourcing is the contracting of the security function of an organization to third party firm. Simply put, employing outside organization or personnel who are not internal staff of the organization to carry out security activities of the organization. This has its merits and demerits:
Advantages of Security outsourcing
Cost Savings – Just as with any form of outsourcing, security outsourcing reduces long run costs as capital costs to be incurred on security infrastructure would be saved.
Specialty Knowledge – Often, outsourcing firms are always of in-depth knowledge about their areas
…show more content…
Cost – There might be hidden cost in security outsourcing if some terms and conditions are not well spelt out especially in respect of legal liabilities.
Quality Control – It can be difficult ensuring that the outsourced company renders services that meet the need and expectation of the organization where Key Performance Indicators (KPIs) are not properly spelt out.
In all, deciding on the better option for an organization is more of a strategic decision which depends on several factors like the nature of the business of the organization, the regulatory framework within which the organization operates, inherent risks of the business, business environment etc. However, in highly sensitive and confidential businesses, I will suggest that the organization opt for in-house security function. This will however involve recruiting and training qualified staff.
2. What is Data Classification? Why is it important in understanding it for assigning access control?
Data Classification is the process of categorizing data into different groups or classes for effecting management. It is very essential for organization to classify data as it allows them to determine the degree of sensitivity and criticality of each class of data and as a result, appropriate level of protection can be applied based on the assigned sensitivity level. Over or under protection of data can be avoided with proper data classification as only the necessary level of
Get Access