Accession Number : ADA336329

Title :   Security for Information Technology Service Contracts

Descriptive Note : Final rept

Corporate Author : CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Personal Author(s) : Allen, Julia ; Cunningham, Lisa ; Ford, Gary ; Fraser, Barbara ; Kochmar, John

PDF Url : ADA336329

Report Date : JAN 1998

Pagination or Media Count : 39

Abstract : An increasing number of organizations are contracting with outside companies for installation and maintenance of their information technology (IT). All too often, these organizations experience increased difficulty in providing appropriate oversight of the services and software for which they have contracted. For example, contractor access to the organization's systems is often neither well controlled nor secure, placing information systems and data at risk. The practices recommended in this document are designed to assist your organization in managing the contractor, managing the contract, and deterring common, known security problems when IT services and software are externally contracted.

Descriptors :   *INFORMATION SYSTEMS, *SECURITY, COMPUTER PROGRAMS, ORGANIZATIONS, RISK, CONTRACTS, CONTRACTORS, ACCESS.

Subject Categories : Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE