University Of Phoenix
CMGT/441 - INFORMATION SYSTEMS RISK MANAGEMENT
Wonyie V. Zarwee
November 29, 2010
While it lessens the burden on organizations, reducing and shifting the cost and risk of its IT operation, security and management issues to an external service provider or vendor, outsourcing any portions of an organization's Information System has significant risks that can sometimes become detrimental to the outsourced organization. According to the Commission on Government Outsourcing, "when outsourcing an organization exposes itself to significant risks in terms of security, accuracy, and completeness of information (Holroyd City Council, 2008)". ...view middle of the document...
This sale could be done by an employee of the outsourcing company or the outsourcing company itself. The theft or sharing of information could be intentional or unintentional. In any of these case, even if the outsourcing service provider keeps the outsourced information available, unchanged and accessible to the owners at all times, there are still risks of possible data confidentiality issues.
The use of an enterprise service provider for processing information systems applications such as payroll, human resources, or sales order taking is another excellent way for organizations to minimize cost while still experience the full benefit of an IT system. It is worth noting that while this is very cost effective and significantly reduces the load on an organization, outsourcing an organization's IT applications to an enterprise service provider for processing is a risky path to thread. Information privacy and integrity are at a very great risk here. An enterprise service provider or employers of the provider are capable of selling out the customers, employees and sales information of one organization to another. Employees of the Service providers could also include their name (create false employees) among the names of legitimate employees of the outsourced organization and masquerade as one of the real employees and receive pay every pay period. These and other privacy and integrity concern must be taken into serious consideration by organization outsourcing interested in outsourcing to an enterprise service provider.
While some midsized and large organization may decide to do it for several known reasons, most smaller business without the finance to sustain at least one or few IT professionals nor the monetary capability to purchase and maintain their own IT services would most likely be the ones to outsource the support of their desktop computer and network to an IT vendor. Despite the low cost of these services, the risk involve may be greater and the avert cost; far more than that ever anticipated by the outsourced organization. Outsourcing an organization's desktop computer and network services makes the organization's system and information held within it vulnerable to malicious activities by the vendors workers. These activities could include backdoors, masquerading, time-bombs, logic bomb etc. Employees who leave the vendors agencies could even still have access to the outsourced organization and could use that information to damage the vendor's repetition by hurting their outsourced organizations. There are even greater risks than this involved in outsourcing.
These are just few of the many damages that can be done to organizations who outsource their...