REVIEW: "Outsourcing Information Security", C. Warren Axelrod
- BKOSINSC.RVW 20041210
"Outsourcing Information Security", C. Warren Axelrod, 2004,
%A C. Warren Axelrod
%C 685 Canton St., Norwood, MA 02062
%I Artech House/Horizon
%O U$85.00/C$119.50 800-225-9977 artech@...
%O tl a rl 1 tc 1 ta 3 tv 2 wq 2
%P 248 p.
%T "Outsourcing Information Security"
The author states that he intends to raise issues involved in
outsourcing security in such as way that those working through the
process will not neglect important areas of concern.
Chapter one reviews reasons for outsourcing. Lists of threats and
vulnerabilities, in general, are given in chapter two. Costs are
examined in chapter three, as a basic discussion of justification for
outsourcing. Chapter four looks at risks that might be associated
with outsourcing. Various types of costs, such as intangible,
subjective, and indirect, are contemplated in chapter five, and costs
related to different stages of the evaluation process in chapter six.
Chapter seven investigates a number of issues surrounding the
development of requirements for system or project development. The
first chapter that actually seems to talk in detail about security
outsourcing, rather than just outsourcing itself, is chapter eight,
which goes through the ten domains of the CISSP (Certified Information
Systems Security Professional) CBK (Common Body of Knowledge) (and
some subdomains), determining which of them are particularly
appropriate for outsourcing, and which are not. Chapter nine outlines
the outsourcing process as a sequence of steps.
Axelrod has provided a very solid and useful framework for dealing
with the many areas that need to be considered if outsourcing is
sought. Very little is directly relevant to the security function
itself, but that may simply expand the market for the book. It is
probably futile to expect that any more guidance could have been
provided, since the possiblities are so immense, but the summary given
here still leaves the potential outsourcer with an enormous amount of
work to do.
copyright Robert M. Slade, 2004 BKOSINSC.RVW 20041210
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Murder is a crime. Describing murder is not. Sex is not a crime.
Describing sex is. - Gershon Legman (b. 1917) American writer
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade