Security Outsourcing: Vendor Selection and Management

Learn how and why to outsource your cybersecurity program. Find out how to select manage vendors for maximum value.

Introduction

• Outsourcing cybersecurity
• 2024 update
• What you should know

1. Prepare to Outsource Cybersecurity Work

• What is outsourcing?
• Why outsource?
• Why outsource cybersecurity?
• What are the benefits of outsourcing?
• How is managing outsourced work different from managing staff?
• What are the risks of outsourcing cybersecurity?
• The seven steps to successfully outsourcing cybersecurity work

2. Identify Candidate Work to Outsource

• What should you outsource?
• Examples of work to outsource
• Case study 1: Identify candidate work to outsource

3. Document Requirements

• Outcomes
• How the work gets done
• Service Level Agreements (SLA)
• Case study 2: Document requirements

4. Select a Vendor

• What is an MSSP?
• Recognize and manage conflicting goals—profit vs. outcomes
• How do I evaluate an MSSP?
• Case study 3: Select a vendor

5. Contract with the Vendor

• How do I contract with a vendor?
• Tips for contracting with a vendor
• Case study 4: Contract with the vendor

6. Implement the Agreement

• Plan and perform transition to the vendor
• Tips for transitioning to the vendor
• Case study 5: Implement the agreement

7. Managing the Vendor

• Manage by Service Level Agreements (SLA)
• Manage by contractual terms
• Case study 6: Manage the vendor

8. Renewing the Agreement

• How to renew the agreement
• When to not renew the agreement
• Case study 7: Renew the agreement

Conclusion

• Next steps