Information Systems Risk Management
CMGT/441 - INFORMATION SYSTEMS RISK MANAGEMENT
Week-4 assignment
Wonyie V. Zarwee
November 29, 2010
While it lessens the burden on organizations, reducing and shifting the cost and risk of its IT operation, security and management issues to an external service provider or vendor, outsourcing any portions of an organization's Information System has significant risks that can sometimes become detrimental to the outsourced organization. According to the Commission on Government Outsourcing, "when outsourcing an organization exposes itself to significant risks in terms of security, accuracy, and completeness of information (Holroyd City Council, 2008)". Comprised in the rest of this document is an …show more content…
Despite the low cost of these services, the risk involve may be greater and the avert cost; far more than that ever anticipated by the outsourced organization. Outsourcing an organization's desktop computer and network services makes the organization's system and information held within it vulnerable to malicious activities by the vendors workers. These activities could include backdoors, masquerading, time-bombs, logic bomb etc. Employees who leave the vendors agencies could even still have access to the outsourced organization and could use that information to damage the vendor's repetition by hurting their outsourced organizations. There are even greater risks than this involved in outsourcing.
These are just few of the many damages that can be done to organizations who outsource their Information system activities to vendors, enterprise services providers or other external service providers. Other Risky situations could be that the outsourcing service provider may have several organization to care for and thus may not pay much attention to the activities that may be hurting one organization. Activities an outsourced organization would take very seriously and response to vigorously. A second and