本文关于企业应如何规避IT外包风险?,据
亚洲金融智库2021-04-17日讯:
企业规避IT外包风险的方法:
1.减少核心业务外包。根据调查,企业信息泄露的80%来自企业内部,例如来自对公司或领导不满的员工等。公司在决定IT外包之前,必须确定外包的部分包含的公司数据量较少。
2.制定外包工作进行期间的规范,例如,不得携带存储设备进入工作场地等。
3.法规制约。检查外包公司是否遵循数据隐私法案和特殊行业法规,例如萨班斯法案、HIPPA、ISO20007等。
4.技术保证。检查外包供应商是否具备保障信息安全的技术条件。
5.公司在选择外包供应商之初,应该首先查看外包供应商的保密政策,并在外包合同中明确保密协议和信息泄露后的责任归属。
帮忙写一个英文的:IT业中的风险管理的演讲稿(完成好追加50分)
Risk management in the IT industry Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk. Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. This process is not unique to the IT environment; indeed it pervades decision-making in all areas of our daily lives. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization. So, who should be involved in risk management of an organization? Personnel who should support and participate in the risk management process are:- • Senior Management. Senior management, under the standard of due care and ultimate responsibility for mission accomplishment, must ensure that the necessary resources are effectively applied to develop the capabilities needed to accomplish the mission. They must also assess and incorporate results of the risk assessment activity into the decision making process. An effective risk management program that assesses and
专题推荐:
风险管理(8)英文(1)演讲稿(1)