Corpus ID: 114307487

Outsourced incident management services

  title={Outsourced incident management services},
  author={Reyes Z{\'u}{\~n}iga and Alfredo Ramiro},
With increasing use of information and communication technologies (ICT), many organizations are outsourcing information security services to managed security service providers (MSSP). This project reports results on current practice and experiences with outsourced incident management services. The research was conducted as a case study performing a qualitative study of six large MSSPs, one emerging MSSP and an independent expert. The findings reveal multiple challenges that both customers and… Expand
Passing the Buck: Outsourcing Incident Response Management
A case study where several organizations who are active in outsource management of computer security incidents today are studied, which indicates that outsourcing of incident management is a viable security approach for many organizations, but that transitioning between providers frequently is a challenge. Expand
Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?
This chapter considers whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements, and starts with the concept of using proper measurement for a cloud security assurance model. Expand
Editorial : Innovation for Local and Global Impact
Editorial: Innovation for Global and Local Impact Stoyan Tanev Human Capital, its Constituents and Entrepreneurial Innovation: A Multi-Level Modeling of Global Entrepreneurship Monitor Data
  • 2019


Defining Incident Management Processes for CSIRTs: A Work in Progress
Abstract : This report presents a prototype best practice model for performing incident management processes and functions. It defines the model through five high-level incident management processes:Expand
Information security incident management: Current practice as reported in the literature
This paper reports results of a systematic literature review on current practice and experiences with incident management, covering a wide variety of organisations, and provides suggestions for addressing the challenges, and presents identified research needs within information security incident management. Expand
Outsourcing Managed Security Services
Abstract : As computer attack patterns shift and threats to networks change and grow almost daily, it is critical that organizations achieve reliable information security. Investment decisions aboutExpand
Managing security for outsourcing contracts
  • J. Sherwood
  • Business, Computer Science
  • Comput. Secur.
  • 1997
This paper examines the main issues concerning security of business information in outsourced systems and networks, and looks at the strategy that management should follow to ensure that its business information is adequately secured under these conditions. Expand
Managed security services: an emerging solution to security
Recent security breaches at ChoicePoint Inc., Lexis Nexis and Citicorp have again proven that the security administration is an important function within an organization. However, for someExpand
Outsourcing Internet Security: Economic Analysis of Incentives for Managed Security Service Providers
It is shown that if serving a large group of customers helps the provider to improve service quality significantly (which is observed in the internet security outsourcing market), an optimal contract should always be performance-based even if a strong reputation effect exists. Expand
Information Security Governance for Executive Management
A more detailed “must do” list is given for the two levels of executive management considered in this paper: Board of directors and Executive Committee (or Information Security Steering Committee). Expand
Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements
It is shown that firms can use an RPA as a complement to cyberinsurance to address the overinvestment issue caused by negative externalities of security investments; however, the adoption of an R PA is not incentive-compatible for firms when the security investments generate positive externalities. Expand
Security Automation and Threat Information-Sharing Options
The author addresses the most common questions and concerns raised in the industry when information is shared among vendors and helps organizations develop a common understanding of the options available and adopt those that serve their purpose. Expand
Information Security Governance
This book provides an understanding of governance and its relevance to information security. It gives readers a clear, step-by-step approach to developing a sound security strategy aligned with theirExpand