Authors A.M. Tsybulin, V.A. Baldaev, A.A. Beshta
Month, Year 02, 2014
Index UDC 004.056.5, 004.89
Abstract Russian companies have begun to use outsourcing in order to shed non-core assets and focus on the main direction of their business. When delivering its services, the outsourcing company gains access to the resources and components of the information system, which changes the level of information security threats: some risks are reduced or disappear completely, and new risks emerge. The pressing problems are the timely identification, assessment and minimization of old and new risks, as well as the automation of these processes. Outsourcing services are analyzed, a tree of threats to the information system under outsourcing is built, and the residual risk is calculated. To ensure the security of an information system when it is handed over to outsourcing, a set of risk-reduction activities is carried out. It is proposed that this work include: preparing the information system for outsourcing, assessing the level of information security during and after outsourcing, and, if the level has dropped, carrying out remedial work. Algorithms are proposed for assessing and minimizing risks during outsourcing based on monitoring data and an inventory of hardware and software. A software suite that automates the process of minimizing the risks has been developed.

Keywords Outsourcing; outsourcer; tree of threats; insider activity; information security; inventory; monitoring; residual risk.