{"title":"委托外部开发:提前解决信息安全风险","authors":"Yasir Gokce","doi":"10.4018/IJCWT.2021070103","DOIUrl":null,"url":null,"abstract":"Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"12 1","pages":"30-40"},"PeriodicalIF":0.2000,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Commissioning Development to Externals: Addressing Infosec Risks Upfront\",\"authors\":\"Yasir Gokce\",\"doi\":\"10.4018/IJCWT.2021070103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach 
for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.\",\"PeriodicalId\":41462,\"journal\":{\"name\":\"International Journal of Cyber Warfare and Terrorism\",\"volume\":\"12 1\",\"pages\":\"30-40\"},\"PeriodicalIF\":0.2000,\"publicationDate\":\"2021-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Cyber Warfare and Terrorism\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJCWT.2021070103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"POLITICAL SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Cyber Warfare and Terrorism","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJCWT.2021070103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"POLITICAL SCIENCE","Score":null,"Total":0}
Commissioning Development to Externals: Addressing Infosec Risks Upfront
Bringing externals into critical business processes and having them assume some or all of the responsibilities associated with critical business functions comes with information security risks whose impact, if materialized, could be disastrous for the business, and this warrants a meticulous and holistic approach to managing those risks. Compounded by the engagement of externals in the development process, the risks facing a development project require robust risk management by the outsourcing organization. The organization should be able to influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into the risks brought about by suppliers, this study aims to offer a methodology for addressing the risks associated with commissioning some or all components of a to-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.