Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

08:50 AM

IIA Provides Guidance

Trends in IT outsourcing have prompted The IIA to focus its seventh Global Technology Audit Guide (GTAGR) on this topic

ALTAMONTE SPRINGS, Fla. - Trends in information technology (IT) outsourcing have prompted The Institute of Internal Auditors (IIA) to focus its seventh Global Technology Audit GuideR (GTAGR) on this topic. Written in straightforward business language, GTAG 7 will help C-level executives and boards of directors understand various risks when navigating the complex task of IT outsourcing.

"IT outsourcing has grown in popularity as an efficient and cost-effective way to meet IT management demands such as systems implementation, maintenance, security, and operations," says IIA Manger of Technology Practices Lily Bi. "There are benefits from outsourcing this function, but they come with complexities, risks and challenges. It's important that executive management and boards understand how to conduct a comprehensive review of an organization's outsourced operations, evaluate the risk management process, and comply with applicable laws and regulations. When it comes down to it, those at the top are the ones accountable for ensuring that things are as they should be. Chief audit executives and audit supervisors can use GTAG 7 to help people who have limited technical knowledge to better understand these risks."

GTAG 7 describes some of the most common outsourcing risks and their potential strategic impact on an organization throughout the outsourcing lifecycle. Key issues discussed in this GTAG include: the outsourcing strategy and feasibility; selecting an IT service provider; drafting and managing contractual agreements; ensuring a smooth transition of internal operations to service providers; return on investment; effective frameworks for establishing outsourcing controls; and termination and renegotiation of services. The guidance also stresses the importance of evaluating the service provider's internal controls, and establishing a clear governance structure over the outsourcing activity to ensure accountability and effective project management.

The Institute of Internal Auditors (IIA)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-13
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To...
PUBLISHED: 2021-04-13
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be rea...
PUBLISHED: 2021-04-13
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "...
PUBLISHED: 2021-04-13
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
PUBLISHED: 2021-04-13
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query exec...