Outsourcing Managed Security Services

Abstract

As computer attack patterns shift and threats to networks change and grow almost daily, it is critical that organizations achieve reliable information security. Investment decisions about information security are best considered in the context of managing business risk. Risks can be accepted, mitigated, avoided, or transferred. Outsourcing selected managed security services (MSS) by forming a partnership with a Managed Security Service Provider (MSSP) is often a good solution for transferring information security responsibility and operations. Although the organization still owns information security risk and business risk, contracting with an MSSP allows it to share risk management and mitigation approaches.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2003
Accession Number
ADA412014

Entities

People

  • Carol Sledge
  • Christopher May
  • Derek Gabbard
  • Eric Hayes
  • Julia H. Allen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Application Protocols
  • Business Administration
  • Commerce
  • Computer Access Control
  • Computer Network Security
  • Computer Networks
  • Computer Programs
  • Cybersecurity
  • Employment
  • Information Security
  • Information Systems
  • Intellectual Property
  • Management Personnel
  • Network Protocols
  • Organizational Structure
  • Security Protocols
  • Software Development

Fields of Study

  • Computer science

Readers

  • Aviation Safety Risk Assessment.
  • Economics
  • Government and Public Administration Law.