Study Of Information Security Risks Control In IT Outsourcing About A Insurance Company

In recent20years, the Information Technology (IT) has become the core power of enterprise development, so every enterprise pay many attention on IT. The IT is very professional and high cost, so more and more enterprises choose IT outsourcing as a complementary tool. But in IT outsourcing process, the partner has opportunities to touch the data or other secret things, so many enterprises eye on the security.This thesis tries to discuss how to control the information security risks in IT outsourcing. The thesis take an insurance group company (will be mentioned as "A Company") as instance, analyze the faced problems in the IT outsourcing process and try to find out why, then use some theory about IT outsourcing and information security risk controlling to give some overview methodologies. The methodologies mainly include three parts:to make a clear IT outsourcing strategy, to analyze and categorize the risks will be faced, construct a defense wall at three key points. The A company has used this methodology in practice, and gain so much from it. The thesis use W project to prove the effect of the methodology.