REVIEW: "Outsourcing Information Security", C. Warren Axelrod

REVIEW: "Outsourcing Information Security", C. Warren Axelrod: Posted by Rob Slade, doting grandpa of Ryan and Trevor on January 20th, 2005; BKOSINSC.RVW 20041210

"Outsourcing Information Security", C. Warren Axelrod, 2004,
1-58053-531-3, U$85.00/C$119.50
%A C. Warren Axelrod
%C 685 Canton St., Norwood, MA 02062
%D 2004
%G 1-58053-531-3
%I Artech House/Horizon
%O U$85.00/C$119.50 800-225-9977 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%O tl a rl 1 tc 1 ta 3 tv 2 wq 2
%P 248 p.
%T "Outsourcing Information Security"

The author states that he intends to raise issues involved in
outsourcing security in such as way that those working through the
process will not neglect important areas of concern.

Chapter one reviews reasons for outsourcing. Lists of threats and
vulnerabilities, in general, are given in chapter two. Costs are
examined in chapter three, as a basic discussion of justification for
outsourcing. Chapter four looks at risks that might be associated
with outsourcing. Various types of costs, such as intangible,
subjective, and indirect, are contemplated in chapter five, and costs
related to different stages of the evaluation process in chapter six.
Chapter seven investigates a number of issues surrounding the
development of requirements for system or project development. The
first chapter that actually seems to talk in detail about security
outsourcing, rather than just outsourcing itself, is chapter eight,
which goes through the ten domains of the CISSP (Certified Information
Systems Security Professional) CBK (Common Body of Knowledge) (and
some subdomains), determining which of them are particularly
appropriate for outsourcing, and which are not. Chapter nine outlines
the outsourcing process as a sequence of steps.

Axelrod has provided a very solid and useful framework for dealing
with the many areas that need to be considered if outsourcing is
sought. Very little is directly relevant to the security function
itself, but that may simply expand the market for the book. It is
probably futile to expect that any more guidance could have been
provided, since the possiblities are so immense, but the summary given
here still leaves the potential outsourcer with an enormous amount of
work to do.

copyright Robert M. Slade, 2004 BKOSINSC.RVW 20041210

--
======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com

Similar Posts

REVIEW: "A Practical Guide to Managing Information Security", Steve Purser (Computer Security) by Rob Slade, doting grandpa of Ryan and Trevor
REVIEW: "Principles of Information Security", Michael E. Whitman/Herbert J. Mattord (Computer Security) by Rob Slade, doting grandpa of Ryan and Trevor
REVIEW: "Security Warrior", Cyrus Peikari/Anton Chuvakin (Computer Security) by Rob Slade, doting grandpa of Ryan and Trevor
REVIEW: "Information Security Risk Analysis", Thomas R. Peltier (Computer Security) by Rob Slade, doting grandpa of Ryan and Trevor
REVIEW: "Wireless Security Essentials", Russell Dean Vines (Computer Security) by Rob Slade, doting grandpa of Ryan and Trevor

Internet Office and Resources