Scenarios in business security: A risk assessment
James P. England
CMGT/442
April 16, 2012
David Conway
Scenarios in business security: A risk assessment The use of an external service provider for data storage

The storage of data is the key to any business, and the security of this information requires a plan for safe storage with ease to accessibility for the company. Typical business storage growth is at 40% per year, and the efficient management of storage is a key element in keeping operational costs to a minimum. Management cost for storage will outweigh hardware costs so efficiency by sharing of storage practices in an outsourcing environment will be generally more cost-effective to the customer (Simmons, 2004). The wide range of variables in the nature of a customer’s storage, and the possible savings through outsourcing of storage can be an appropriate undertaking for a business. The risks involving this form of storage entails customers looking closely at outsourcing to determine if this is best at meeting requirements, how outsourcing storage would include size of the storage, the rate of storage growth, the accessibility, and security of the information. The customer needs to take into account other risks, such as organizational policy regarding asset ownership.
The “Best Practice” method of application shows that risks are inherent, but the control and level of risk assigns the practice of choice for the company. The mitigation plan for outsourcing involves ranking the risks for the company, and security is the number one concern for any business. The plan calls for encryption of data in storage, redundancy of backups for critical data, compliance with regulatory agencies, and monitoring of the information off sight. This mitigation plan will allow the outsourcing costs, and keep a tight control or access to the information off sight (Spafford, 2006). The encryption method allow access only to an authorized user to access information and make changes to the system, and again adds a level of extra security.
Administrative Outsourcing
This form of business adds many risks for the business, and to customers, but the initial risk is that this type of data will have a high need for security. The risks involve the possibility of Health Insurance Portability and Accountability Act (HIPAA) fines, identity theft of personal data, loss of one-on-one communication with employees, and company loyalty from customers. The security issue is the main concern in this mitigation plan, and the information from a payroll, human resources, and order processing department will contain a variety of sensitive information (Corporate Computer Services, Inc., 2010). This mitigation plan will require creating a transition management plan detailing the duty requirements for establishing responsibility for the vendor. Shifting the burden for responsibility ensures cooperation with the outsourcing vendor, and allows input from the client. Both sides can identify responsibility for making certain decisions, how the decision-making process will work and how these decisions may affect the company. This helps reduce any doubt and describes the accountability that individuals from both parties have in the relationship. Building a reporting framework for success communicates if the outsourcing arrangement is operating. Service level agreements (SLAs) quantify the objectives of the performance to the stakeholders, and reporting performance consistently with analysis will show potential improvement areas. The business should consider operating measures for the current state of the workforce showing the value the organization is providing to the organization. The complex interactions between these organizations for safeguarding the data is not without a certain risk, and these techniques involve some up-front investment in planning and design, but typically save resources and prevent conflict (Corporate