A consortium of the country’s top financial services firms last week published a set of industry guidelines to use in evaluating the security risks of IT outsourcing deals.<\/p>\n","protected":false},"excerpt":{"rendered":"
The Banking Industry Technology Secretariat (BITS) in Washington released the security guidelines as an addendum to an existing framework for managing business relationships with IT services providers. The group’s goal is to help financial services firms streamline the outsourcing evaluation process and better manage the risks of handing over control of key corporate systems to vendors.<\/p>\n
The guidelines are based on the International Standards Organization’s ISO 17799 code of practice for information security management, which covers categories such as documenting corporate security policies and classifying assets. They also include best practices gathered from BITS members and input from vendors, government agencies and third-party IT auditors, said Faith Boettger, a senior consultant at BITS.<\/p>\n
Bob Cedergren, second vice president of information security and business continuity planning at Fortis Inc., a financial services firm with U.S. operations in New York, said security concerns related to outsourcing are getting more attention in corporate boardrooms. “Each time there’s a virus outbreak, this gets discussion within our CIO group here at Fortis as well as with the CEOs” of individual business units, Cedergren said.<\/p>\n
Many of the financial services industry’s certification standards, including Statement on Auditing Standards No. 70, SysTrust and WebTrust, don’t fully cover what companies have been looking for in a best-practices matrix, according to Boettger.<\/p>\n
More info: [url=http:\/\/www.bankinfosecurity.com\/?q=node\/view\/543]http:\/\/www.bankinfosecurity.com\/?q=node\/view\/543[\/url]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-303","post","type-post","status-publish","format-standard","hentry","category-financial"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=303"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/303\/revisions"}],"predecessor-version":[{"id":2790,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/303\/revisions\/2790"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}