Outsourcing ICT Security to MSSP: Issues and Challenges for The Developing World

نویسندگان

  • Jabiri Kuwe Bakari
  • Christer Magnusson
  • Charles N. Tarimo
  • Louise Yngström
چکیده

The overall use and development of ICT in developing countries has been faced with a wide range of constraints and challenges. These constraints may concern culture, infrastructure and education, and involve social, legal, political or economic issues. Numerous problems related to each of these issues have been observed. The problems may include, for example the absence of ICT policies, implementation procedures, a general lack of appropriate knowledge of ICT (among suppliers, managers, planners and users), too few trained /skilled ICT personnel or simply budget constraints. Among the critical issues that call for immediate attention and action are the security of information assets and processing systems. ICT security management poses a big challenge given the range of constraints mentioned and is critical for the trust and normal functioning of the various ICTs deployed. As is widely known, ICT security management process needs a holistic approach with experienced personnel, right policy and procedures, and the right technology. It also requires continuous monitoring and continuous threat intelligence in order to achieve and maintain sufficient security in an organisation. It follows then that achieving adequate ICT security management is a big challenge especially for organisations whose core services is not ICT. The idea behind outsourcing ICT security is based on the assumption that engaging a managed ICT security provider may be of great importance to such organisations, in that, like insurance, they will be relieved of their ICT security burden by transferring it to a third party. Given these presumptions many organisations worldwide may consider outsourcing their security services as a way forward in managing ICT security. However, the decision to outsource is never straightforward and is influenced by various constraints as mentioned above. Based on some empirical data, this paper describes typical characteristics of a developing country’s ICT environment from an ICT security management point of view and then discusses the suitability of the environment to benefit from outsourcing managed ICT security services. Use is made of the general merits of ICT security outsourcing as described in the numerous literature to discuss specific issues and challenges in this process that are believed to be necessary if the ICT security services outsourcing paradigm is to be adopted in developing countries with similar characteristics as those described in this paper.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Outsourcing Information Security: Contracting Issues and Security Implications

We examine the implications of a firm outsourcing both (i) security device management which attempts to prevent security breaches and (ii) security monitoring which attempts to detect security breaches to managed security service providers (MSSPs). In the context of security outsourcing, the firm not only faces the traditional moral hazard problem as it cannot observe an MSSP’s prevention or de...

متن کامل

Economics of Internet Security Outsourcing: Simulation Results Based on the Schneier Model

Dynamic and complex information security risks facing organizations are forcing them to take a hard look at outsourcing to Managed Security Service Providers (MSSPs). The potential advantage of outsourcing is to improve security levels at lower costs. Potential risks of outsourcing to an MSSP includes service quality uncertainty and the business risk of MSSP bankruptcy. In this paper we present...

متن کامل

Managing Security Service Providers: Issues in Outsourcing Security

The issue of trust and risk in outsourced relationships was extended beyond traditional outsourcing models with the introduction of Application Service Providers (ASPs). As ASPs evolve, Managed Security Service Providers (MSSPs) have emerged as external providers of security for firms facing increasing information assurance threats. This research-in-progress paper develops a conceptual model of...

متن کامل

Information Security as a Credence Good

With increasing use of information systems, many organizations are outsourcing information security protection to a managed security service provider (MSSP). However, diagnosing the risk of an information system requires special expertise, which could be costly and difficult to acquire. The MSSP may exploit their professional advantage and provide fraudulent diagnosis of clients’ vulnerabilitie...

متن کامل

Growth and Sustainability of MSSP Networks

Managed Security Service Provider (MSSP) networks are a form of collaboration where several firms share resources such as diagnostics, prevention tools, and policies to provide security for their computer networks. While decisions to outsource security operations of an organization may seem counterintuitive, there are potential benefits from joining a MSSP network due to pooling of risk and acc...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2006