Deciding which tasks to transfer externally requires a comprehensive study of the company's risk profile and the criticality of its business processes, as well as an assessment of the current maturity of its information security processes and its development plans.
Based on the analysis, each individual organization forms a list of what should be outsourced and what should be left under the control of its own specialists. The main criterion here is the lack of resources and highly specialized competencies.
The second sorting filter is the reluctance of security professionals to perform certain low-priority tasks at the expense of more complex and high-priority ones.
The third criterion is company policies that dictate that certain tasks and processes (such as internal threat assessment) should be outsourced.
For obvious reasons, even in the context of the growing popularity of outsourcing scenarios in cybersecurity, the hybrid approach dominates, since a certain range of information security tasks still remains the internal practice of the company.
According to Deloitte, 99% of organizations have outsourced at least one element of their information security landscape: the most common functions outsourced are vulnerability management, monitoring, training, and cybersecurity auditing.
In Russia, information security competencies in the corporate sector have weakened in the areas of incident investigation and the development of recommendations for further work on identified vulnerabilities and threats. Requests to establish the causes of cyber incidents have become significantly more frequent. For example, a company's application has crashed, but its employees cannot determine why.
Meanwhile, the cause can be anything from the infrastructure to how well the application's code development environment is protected (updates, launch of new functions, etc.).
Security incident response and investigation services are increasingly in demand due to the growing number of cyber attacks.
Such services may be provided by Computer Emergency Response Teams (CERTs), which help organizations gather evidence and mitigate identified risks.
Monitoring in the Security Operations Center (SOC) format is effective. A SOC is a kind of "control center" for the information security side of the company's work. It may include specialists with different profiles, covering different technologies and tasks, who together form a hub with the level of competence needed to resolve incidents.
As a rule, this is a team of more than two dozen people. For small and medium-sized companies, recruiting such a team from scratch and loading it with enough work to be economically profitable is practically impossible today. It is simpler and more profitable to buy a SOC under the as-a-service model with agreed service levels (SLA).
Another recent trend is outsourcing the administration of security tools. Previously, companies usually did not allow third parties to "get into" this area, which is sensitive from the information security point of view. Today, with the growing number of cyber attacks, everything has changed.
The lack of expertise caused by the personnel shortage and by the challenges of the current moment (the outflow of domestic specialists, the shortage of information security tools due to the departure of global vendors) leads to a situation where the necessary information security skills are concentrated at certain points on the market map. This is the only way to ensure their availability to the maximum number of companies.