Develop Your Security Outsourcing Strategy

Outsource the right functions, with the right MSSP.

View Storyboard

Solution Set Storyboard Thumbnail

Contributors

Adrien de Beaupré, Certified Instructor and Penetration Tester, SANS Institute
4 anonymous company contributors

Your Challenge

A lack of time and resources prevent many CISOs from being able to enable security internally.
It is unclear what functions should be outsourced versus what functions should remain in-house.
Organizations have difficulty measuring the effectiveness of their managed security service providers (MSSPs).

Our Advice

Critical Insight

You can outsource your responsibilities, but not your accountability. You must effectively manage your MSSP as you are still accountable for your security.
Most organizations won’t have a choice – they’ll have to outsource high-end security skills. A shortage of qualified security professionals leads many organizations to outsource.
MSSPs can better identify and remediate threats. An MSSP is able to provide more mature security due to its experience and broad client base.

Impact and Result

Calculate the future financial obligations of outsourcing vs. insourcing to determine which method is the most cost effective.
Understand the current landscape of MSSPs that are available today and the features they offer.
Determine which security responsibilities can be outsourced and which should be outsourced in order to gain cost savings, improve resource allocation, and boost your overall security posture.

Start here – read the Executive Brief

Read our concise Executive Brief to find out if you should outsource your security, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Develop Your Security Outsourcing Strategy – Executive Brief

Develop Your Security Outsourcing Strategy – Phases 1-3

1. Determine what to outsource

Determine what functions you should outsource and any potential cost savings.

Develop Your Security Outsourcing Strategy – Phase 1: Determine What to Outsource

Insourcing vs. Outsourcing Costing Tool

2. Select the right MSSP

Evaluate the MSSPs to determine which one is the best for your organization.

Develop Your Security Outsourcing Strategy – Phase 2: Select the Right MSSP

MSSP Selection Tool

MSSP RFP Template

3. Manage your MSSP

Align the MSSP to your organization and create a metrics program to manage your MSSP.

Develop Your Security Outsourcing Strategy – Phase 3: Manage Your MSSP

Guided Implementations

This guided implementation is an eight call advisory process.

Guided Implementation #1 - Determine what should be outsourced

Call #1 - Assess your responsibilities to determine which ones you can outsource.

Call #2 - Determine your ideal cost savings and benefits from outsourcing.

Call #3 - Perform costing analysis and evaluate each responsibility.

Guided Implementation #2 - Select the right MSSP for your organization

Call #1 - Understand the MSSP market and determine variables to evaluate MSSPs.

Call #2 - Identify which features to look for in an MSSP and create an MSSP shortlist.

Call #3 - Evaluate and rank the MSSPs.

Guided Implementation #3 - Create an MSSP management program

Call #1 - Create a metrics program and understand how to align your MSSP to your organization.

Call #2 - Create an MSSP management process.

Search Code: 84609
Published: September 28, 2017
Last Revised: December 18, 2017

TAGS:

MSSP, managed security service provider, in-house, insourcing, security cost savings, cost effective security, negotiations, contracts, security metrics, third party support, security vendors, outsourcing vendors, IT security management outsourcing, managing security devices and systems, best MSSPs