Professional services - concluding phase




blog.noticebored.com

Having introduced this blog series and covered information risks applicable to the preliminary and operational phases of a professional services engagement, it's time to cover the third and final phase, when the engagement and business relationship come to an end.

Eventually, all relationships draw to a close. Professional services clients and providers go their separate ways, hopefully parting on good terms unless there were unresolved disagreements, issues or incidents (hinting at some information risks).

It is worth considering what will/might happen at the end of a professional services engagement as early as the preliminary pre-contract phase. Some of the controls need to be predetermined and pre-agreed in order to avoid or mitigate potentially serious risks later on. Straightforward in principle ... and yet easily neglected in the heady rush of getting the engagement going. This is not unlike a couple drawing up their "pre-nup" before a wedding, or a sensible organisation making suitable business continuity arrangements in case of severe incidents or disasters ahead.

A potentially significant information risk in the concluding phase stems from the inappropriate retention by either party of [access to] confidential information obtained or generated in the course of the engagement - whether commercially sensitive or personal information. Imagine the implications of, say, a law firm being hit by a ransomware attack, office burglary or insider incident, giving miscreants access to its inadequately secured client casework files and archives. Meta-information about the engagement, assignment/s and contracts may also be commercially sensitive, for instance if the supplier deliberately under-priced the contract to secure the business and gain a foothold in the market, only to find it uneconomic to deliver the contracted services - a decidedly embarrassing situation if disclosed.

Information risks in this phase are amplified if the relationship ends in dispute, perhaps leading either party to complain bitterly about and criticise the other (whether truly justified or not). Reputations are at stake here, with the potential to cause brand damage that harms future business opportunities. Conversely, if things went well, there is value to be gained from positive references, case studies, endorsements etc. ... with further implications for the way the engagement is managed in the earlier phases. In other words, the way information risks are handled can lead to beneficial, neutral or detrimental business outcomes.

On an even more positive note, there are opportunities to draw out and learn the lessons from professional services relationships. What went well and is worth repeating if the opportunity arises? What went badly and should be avoided if possible? From either organisation's risk management perspective, what have we learnt about our threats, vulnerabilities, impacts and controls? What incidents could/should have been avoided or mitigated? As with post-incident reviews and audits, simply posing and answering such questions achieves little unless changes are then made to improve strategies, policies and procedures.

In the ethical dimension, as mentioned previously, the alignment and closeness that engenders trust between client and provider also makes them more vulnerable to exploitation, as guards are dropped. The professional services security guideline I am drafting will touch on aspects such as reminding those involved of reasonable and persistent ethical expectations going forward. At the very least, simply refusing to discuss the details of prior business arrangements is better than reopening old wounds.

That's it from me for this blog series. I have more to say about the risks, controls, assurance, compliance, governance etc. for business services, and plenty of pragmatic advice to impart, but you'll have to wait for the guideline ... which may yet emerge as an ISO27k standard, complete with simplified checklists for each phase. Who knows?
