Cookie Consent by Free Privacy Policy Generator โœ… Expertenwissen รผber das Thema "Sicherheit"

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Professional services - concluding phase


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: blog.noticebored.com

Having introduced this blog series and covered information risks applicable to the preliminary and operational phases of a professional services engagement, it's time to cover the third and final phase when the engagement and business relationship comes to an end.

Eventually, all relationships draw to a close. Professional services clients and providers go their separate ways, hopefully parting on good terms unless there were unresolved disagreements, issues or incidents (hinting at some information risks).

It is worth considering what will/might happen at the end of a professional services engagement as early as the preliminary pre-contract phase. Some of the controls need to be predetermined and pre-agreed in order to avoid or mitigate potentially serious risks later-on. Straightforward in principle ... and yet easily neglected in the heady rush of getting the engagement going. This is not unlike a couple drawing up their "pre-nup" before a wedding, or a sensible organisation making suitable business continuity arrangements in case of severe incidents or disasters ahead.

A potentially significant information risk in the concluding phase stems from the inappropriate retention by either party of [access to] confidential information obtained or generated in the course of the engagement - whether commercially sensitive or personal information. Imagine the implications of, say, a law firm being hit by a ransomware attack, office burglary or insider incident, giving miscreants access to its inadequately-secured client casework files and archives. Meta-information about the engagement, assignment/s and contracts may also be commercially-sensitive, for instance if the supplier deliberately under-priced the contract to secure the business and gain a foothold in the market, only to find it uneconomic to deliver the contracted services - a decidedly embarrassing situation if disclosed.

Information risks in this phase are amplified if the relationship ends in dispute, perhaps leading either party to complain bitterly about and criticise the other (whether truly justified or not). Reputations are at stake here, with the potential to cause brand damage that harms future business opportunities. Conversely, if things went well, there is value to be gained from positive references, case studies, endorsements etc. ... with further implications for the way the engagement is managed in the earlier phases. In other words, the way information risks are handled can lead to beneficial, neutral or detrimental business outcomes.

On an even more positive note, there are opportunities to draw out and learn the lessons from professional services relationships. What went well and is worth repeating if the opportunity arises? What went badly and should be avoided if possible? From either organisation's risk management perspective, what have we learnt about our threats, vulnerabilities, impacts and controls? What incidents could/should have been avoided or mitigated? As with post-incident reviews and audits, simply posing and answering such questions achieves little unless changes are then made to improve strategies, policies and procedures.

In the ethical dimension, as mentioned previously, the alignment and closeness that engenders trust between client and provider also makes them more vulnerable to exploitation, as guards are dropped. The professional services security guideline I am drafting will touch on aspects such as reminding those involved of reasonable and persistent ethical expectations going forward. At the very least, simply refusing to discuss the details of prior business arrangements is better than raising old wounds.

That's it from me for this blog series. I have more to say about the risks, controls, assurance, compliance, governance etc. for business services, and plenty of pragmatic advice to impart, but you'll have to wait for the guideline ... which may yet emerge as an ISO27k standard, complete with simplified checklists for each phase. Who knows?

...



๐Ÿ“Œ Professional services - operational phase


๐Ÿ“ˆ 29.08 Punkte

๐Ÿ“Œ Marvel 2021-2023: Phase 4, Phase 5 und die Zukunft des MCU


๐Ÿ“ˆ 25.31 Punkte

๐Ÿ“Œ Framasoft will phase out many of its services


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ Controlware ist F5 GUARDIAN Professional Services Partner


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Netscape Professional Services FTP Server 1.3.6 directory traversal


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Best Unofficial Employment Verification Services to Review Your Professional History


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Best Unofficial Employment Verification Services to Review Your Professional History


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ 5 Cybersecurity Trends in the Professional Services Sector


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ ThreatQuotient enhances its professional services offering to transform SecOps capabilities


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Accelerating the digital transformation of professional services post-Covid: what next?


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ heise-Angebot: Die besten Managed Services in der Online-Konferenz Professional User Rating


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Trend Micro mit erstem Professional Services Partner in Deutschland


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Ingram Micro lanciert neue Professional Services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Ingram Micro lanciert neue Professional Services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Managing professional services engagements


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ IT services giant SHI hit by "professional malware attack"


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Deloitte and AWS Professional Services drive customer cloud migration and app modernization


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ BeyondID raises $9M to expand cloud professional services market


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Professional services infosec policy template


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Professional-Services-Anbieter erwarten Umsatzwachstum von 9,7 Prozent


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ CVE-2022-43999 | BACKCLICK Professional 5.9.63 CORBA Management Services missing authentication (SYSS-2022-034)


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ CVE-2022-44001 | BACKCLICK Professional 5.9.63 CORBA Back-End Services improper authentication (SYSS-2022-035)


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Professional services - preliminaries


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Das com! professional Briefing Managed Services ist da


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Enthus geht mit deutscher Cloud an den Start - Software & Services - connect professional


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Christian Bedel verlรคsst MRM Distribution - Software & Services - connect professional


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Information risk and security for professional services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ What Do You Get With Professional Data Recovery Services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ 5 Reasons To Hire Professional Managed IT Services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Ostrich Cyber-Risk Improves Cyber Risk Quantification (CRQ) Offerings, Adds CRQ Professional Services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Authentix: On a Mission to Provide Every Swiss Company with Professional Cybersecurity Services


๐Ÿ“ˆ 16.43 Punkte

๐Ÿ“Œ Top Signs Your E-commerce Store Needs Professional Magento Support Services


๐Ÿ“ˆ 16.43 Punkte











matomo