Risky business: Outsourcing opens doors for security consultants

[InfoSec News <alerts () infosecnews org>]

http://www.startribune.com/business/132825938.html

By STEVE ALEXANDER
Star Tribune
October 30, 2011

Big banks, hospitals and insurance companies worry about computer 
security because they handle so much personal information.

Now, in the age of outsourcing, they also have to worry about whether 
their partner firms are secure. And that's created a new kind of 
business consultant: The information security auditor who determines how 
much security is enough.

Some of these auditors work for big companies. When Evan Francen did 
security audits for Wells Fargo bank, he asked the outsourcing companies 
to complete a 1,500-question security checklist. (Wells Fargo officials 
declined to comment.)

Now Francen has his own security firm, FRSecure of Chaska, that helps 
outsourcing firms meet the demands of security auditors like him. And 
some of them really need the help.

"We audited a small bank that was compliant with computer security 
regulations, but we could have put them out of business in five minutes 
because of the physical risk," Francen said. "Their computer server room 
had no camera surveillance, no records of who came or went, no locked 
doors, nobody there at night, and it was in a separate building."

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn