Countermeasures
The most logical first step in addressing contractor risks is to perform a risk assessment. This should include identification of the threats, vulnerabilities, impact and likelihood of a security breach associated with contractors.
The best mitigation of the risks is knowledge--knowing who you're hiring through screening such as background searches and reference checks--and oversight. Who is watching the contractor, and do they understand in detail what the contractor is supposed to be doing? In other words, does the manager have technical competency in the area that is outsourced? The ability to observe and understand the third party's work helps reduce risks.
In addition, oversight should include system usage monitoring, regular status reporting, and establishment of goals and milestones. Actual oversight, however, depends on the nature of the contractor's job and sensitivity of the data he or she is handling.
Make sure you don't open the door to additional risk by failing to provide adequate secure file-transfer capabilities. Without them, contractors may be encouraged to handle sensitive data in unsecured ways, such as downloading large amounts of data to their local hard drives or sending information via clear-text email. Either action would expose the organization; however, without an alternative the contractor will do something like that in order to complete an assigned task.