Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

Security Improvement Module

Security for Information Technology Service Contracts

  • January 1998
  • By Julia H. Allen4967, Gary Ford4625, Barbara Fraser4615, John Kochmar4411, Suresh Konda4407, Derek Simmel3945, Lisa Cunningham4739
  • This 1998 document is one of a new series of publications of the Software EngineeringInstitute at Carnegie Mellon University,security improvement modules.They are intended to provide concrete, practical guidance that will help organizationsimprove the security of their networked computer systems.
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-98-SIM-003
  • Abstract

    An increasing number of organizations are organizations are contracting with outside companies for installation and maintenance of their information technology (IT). All too often, these organizations experience increased difficulty in providing appropriate oversight of the services and software for which they have contracted. For example, contractor access to the organization's systems is often neither well controlled nor secure, placing information systems and data at risk. The practices recommended in this document are designed to assist your organization in managing the contractor, managing the contract, and deterring common, known security problems when IT services and software are externally contracted.

  • Download