Real talk in cybersecurity
Versus excel spreadsheet lists
Outsourcing is common, both onshore and offshore, as companies focus on core competencies and ways to cut costs. From an information security point of view, these arrangements can present risk that may be difficult to quantify and potentially difficult to mitigate (ISACA).
In PROSCI’s article Before You Act, Consider These Keys to Preparing for Change Tim Creasey makes the point:
“Assess Resistance and Identify Special Tactics
Special tactics in your change management strategy may be required given your change and your organization. You may be able to identify special circumstances or possible resistance before the program even begins. This is called Proactive Resistance Management and is one of three avenues for managing resistance.”
Assessing risks is more than quantifying data, and presenting it to your sponsor. As ISACA mentions above, there might be risks that are more qualitative. Like cultural differences that mean that security is viewed differently from how you view it.