Network Computing is part of the Informa Tech Division of Informa PLC


How To Assess Offshore Data Security: Page 2 of 5

chart: What global strategies are in place in your company?

The larger, better-known names in outsourcing will have all their certifications, such as ISO 27001, to boast of, but that doesn't mean they should get the benefit of the doubt on information security. A small firm may offer even more specialized attention and experience.

ISO 27001 certification attests that a company documents and follows information security practices and controls. Take note of the auditor's findings to ensure that the controls you most value are part of the certification. Review the firm that conducted the audit. Also make sure the outsourcer follows your industry's best practices and the compliance guidelines of your home country, and that it has a real understanding of them. Does the company live and breathe U.S. HIPAA or Payment Card Industry standards, which apply to health care and credit card data, respectively?

Under PCI, a company must ensure that third parties it hires adhere to the requirements. Two areas often overlooked when using offshore companies are enforcing proper access controls and network segmentation. Because offshore firms service multiple clients, a company must fully ensure that no administrative networks span clients and jeopardize data privacy.


When planning a controls strategy, a company must take the time to assess the data type and where it originated. Bridget Treacy, a London-based lawyer with the U.S. firm Hunton & Williams, routinely advises clients on the European Union's data privacy requirements, which are among the toughest. U.S. companies may opt into a Safe Harbor program to meet EU requirements, which can carry over to data being offshored.