A bit thin on the security-specific aspects of outsourcing

Outsourcing Information Security by C. Warren Axelrod was intended to guide the uninitiated through each step of the outsourcing process, helping to steer clear of the pitfalls and achieve a partnership with the service provider that is of lasting benefit. However, much of the content is not specific to information security, which was not only disappointing, but a missed opportunity as well. I picked up this book hoping to find advice on selecting risk assessment specialists, auditors, penetration testers, policy developers, and business continuity consultants. Instead, the focus was on generic business issues related to outsourcing that would be considered common sense by most managers. In short, the book would have been more useful had it been aimed at an audience with sound knowledge of business management and limited exposure to information security, not the other way around.

Other Reviews

• A bit thin on the security-specific aspects of outsourcing
• OUTSOURCING INFORMATION SECURITY MAY POSE DIRE CONSEQUENCES FOR BUSINESS AND GOVERNMENT
• A Must Read!
• At Least It Explains the Problem