Guide to web-based outsourcing puts new focus on security

'Managing security in outsourced and offshored environments: how to safeguard intellectual assets in a virtual business world', by David Lacey, does what it says on the tin. It's also timely, given that a recent survey of information security breaches revealed that 68% of companies have been asked by customers to demonstrate compliance with security standards. The report also highlighted that 92% have had a security incident in the last year – with costs varying between £280k and £690k. The report attributed much of the problem to the growing use of externally hosted, web-based services. Previous surveys warned that deployment of effective controls tends to lag behind the more rapid adoption of new technologies. With growing concerns about fraud and espionage set against a background of increasing regulatory compliance, the implications for security and privacy have become significant for any organisation planning a major outsourcing or offshoring initiative, warns BSI. In the new publication, industry guru David Lacey shares his knowledge with BSI Standards, and shows how to apply BS ISO/IEC 27001 and related standards, to build a safer outsourced project. He describes the book as a culmination of his "experience as a senior security and technology director, including two decades of practical experience in specifying and managing the security, governance and risk management requirements for large commercial contracts, including a few in excess of a billion pounds in value".