Although intranet pages may provide links to the Internet, an intranet is not a site accessed by the general public" (Housel and Hom, 1999).
Aside from the intranet, the company also uses a wide array of anti-virus programs, firewalls and virtual private networks. The scope of these software applications is that of screening the information which flows between all the organizational computers (Answers, 2011). At the level of the organization, the software protection operations are made more complex by the fact that we support telecommuting. This specifically means that part of the staff members can work from remote locations and that they can access the company information without being within the firm. This situation raises additional complexities for the software management of information security.
The information security requirements and features at the firm generate the constant need for updates. The analysis of existent data has revealed that software updates are completed on an average of twice per year. This specifically means that every six months, the firm has to allocate resources to the updating of the software applications. And these efforts are not only obvious at the level of actual software purchase, but also at the levels of installation and training, which additionally increase costs and generate organizational inefficiencies.
Outsourcing the information service operations to a tertiary party would also have to cover the update expenses, but the service provider would divide these costs by the total of its customers, as it would use them to provide information security services to all its clients. This subsequently indicates higher level of efficiency for both our firm as well as the selected service provider.
The information security services are currently offered by company employees, particularly 15 staff members, five of whom are in charge of hardware operations, eight of them are in charge of software processes and the remaining two are in charge of administration and management of information service operations. These individuals generate additional organizational costs which could be reduced once the operations are outsourced / offshored. The average monthly income of an employee in the information security department is of $7,000, cumulating as such to $84,000 per year, or $1,260,000 per year for the whole department.
And these are just the direct costs, with other occurring, such as benefits, bonuses, incentives and so on. Once the internal providers of these services are removed, the company would generate significant savings. Also, aside from the actual costs, the redistribution of the services would allocate operational efficiencies. In this order of ideas, the firm would not seek to downsize its staff members, but would strive to integrate them in new positions within the entity. This would allow the previous providers of information security services to support organizational efficiency goals in other means which capitalize on their it expertise.
Information security is an extremely dynamic field in which the threats continually change. Just as the programs develop, the intrusions also improve as the hackers continually intensify their efforts to gather information. This specifically generates a need for the individuals handing the information security operations to be continually trained and presented to new knowledge which allows them to identify and mitigate the risks of information theft. Additionally, the risks of espionage and information theft are not the single determinants of the need for knowledge acquiring. It has as such been learnt that the need for knowledge is also obvious at the simple operational level (Stamp, 2006).
In this order of ideas, the staff members have to be able to operate the hardware as well as the software in the most efficient and effective means. Also, they have to be allocated time in which to learn how to operate the devices and the programs. And this need becomes even more so impending as the technical hardware and the software applications are continually updated. Subsequently, it becomes obvious that the transfer of the information security to a tertiary firm would generate complementary benefits at the level of knowledge needed.
It could nevertheless be argued that the firm would lose a competitive advantage in owning its private information security department with a vast knowledge, but the statement could be counter-argued with the fact that this loss is insignificant compared to the gain retrieved, which would support the company in creating more sustainable competitive advantage. And furthermore, these new competitive advantages would be centered on the company's core operations. The knowledge acquired by the employees currently handling the information security operations would be capitalized upon by the creation of a smaller team of specialists who would continually collaborate with the service provider. The role of the new team would be that of transferring the necessary knowledge to the service provider and ensuring that their operations are developed and implemented with the continuous focus on the organization's needs and wants.
5. The role of the launch and analytical team
The success of the outsourcing / offshoring endeavor is strictly pegged to the creation of a highly skilled and competent launch and analytical team. The role of this team would be as follows:
The research of the available service providers and the selection of the most capable one
The transfer of knowledge from the internal information security department to the service provider
The alignment of the organizational requirements with the services to be provided by the partner company
The insurance of information integration and technological and skill compatibilities
The construction of a strong and mutually beneficial partnership contract for the outsourced / offshored services.
6. The estimated costs
The learner has generated the following estimations of the proposed project:
Research costs in the total amount of $10,000 (including delegations and communications with the prospected firms)
Transfer costs $250,000 for the first year
Maintenance costs in an approximate amount of $50,000 per year
Approximate cost of contract $1,000,000 per year
These costs are however smaller than those registered by the firm in the case of internal information service operations. Additionally, they are only as high within the first year as a result of the transfer process, and they are expected to decrease within the following years. This in fact means that a higher return on investment is expected following the second year of outsourcing / offshoring.
7. Coordination and control
The control and coordination of the outsourcing process would be ensured by a new team, formed from already existent organizational staff members, but especially created to serve the purpose. This team for supervision would be composed as follows:
Two information administrative staffs
Two executives from the company
Two technical staff members
Three software staff members
One public relations specialist.
The team would convey whenever necessary and would report to the Board. Its scope would be that of ensuring a smooth transition to the service provider and ensuring that the soon to be provided information security services are efficient and of the utmost highest quality.
In order to ensure that it attains the scopes for which it was created, the team of coordinators and controllers would also constantly meet with representatives of the service providing company. The meetings would focus on establishing the terms of the cooperation in order to support mutual benefits as well as to ensure that the service provider would fully comply with the needs and requirements of our organization.
8. Training programs
As it has been mentioned throughout the previous section, the training needs of the organization would decrease significantly upon the outsourcing / offshoring of the information security and this would lead to significant cost savings. Nevertheless, some training programs would still need to be developed and implemented and these would target the members of the team formed and delegated to ensure technical relationships with the service provider. In other words, in the aftermath of the transition, the firm would select five members in the current information security department and would train them on how to interact with the service providers.
The role of these individuals would suffer a slight change in the meaning that they would no longer be required to actually complete technical tasks, but they would supervise the means in which the service provider completes the technical tasks. Given the nature of these new responsibilities, the staff members in the new team would not only be subjected to technical training, but also to managerial, and people skills training. This latter category of training programs would ensure that the staff members are best able to interact and communicate with the employees at the service providing company (American Society for Training and Development, 1998).
9. Auditing approaches
At the level of auditing, it is expected that the decision to outsource / offshore the information service operations be verified by the Securities and Exchange Commission. Our firm would continually and fully cooperate with the SEC and provide them with all necessary information. Emphasis would be placed on transparency throughout the entire knowledge transfer processes.