Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Security Improvement Module

Outsourcing Managed Security Services

  • January 2003
  • In this report, the authors recommend practices that provide organizations with the guidance for knowledgeably engaging managed security service providers.
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-2003-SIM-012
  • Abstract

    As computer attack patterns shift and threats to networks change and grow almost daily, it is critical that organizations achieve reliable information security. Investment decisions about information security are best considered in the context of managing business risk. Risks can be accepted, mitigated, avoided, or transferred. Outsourcing selected managed security services (MSS) by forming a partnership with a Managed Security Service Provider (MSSP) is often a good solution for transferring information security responsibility and operations. Although the organization still owns information security risk and business risk, contracting with an MSSP allows it to share risk management and mitigation approaches.

  • Download