To stay one step ahead of the trend, here are some key areas that can implemented to assist your business in managing the risk associated with government sponsorship, censorship and implementation of security controls:
1) Communicate expectations: China is a new player in the world economy and likewise is a new player in the world information security space. Remind your business leaders that the same amount of attention we shared with India will be required with China in order to weave the fundamental information security policies and requirements in to fabric of its government and business law.
2) Research Chinese business laws: work closely with your legal team to determine the Chinese requirements placed upon your outsourcer. The findings should translate into service levels and capabilities in your new/existing contracts.
3) Establish due diligence depth: work closely with your legal, compliance and outsourcing team to build the appropriate depth to your due diligence analysis.
4) Understand government monitoring: China monitors and filters content to and from its population. The monitoring of encrypted traffic, such VPN, secure web transactions and file transfer should be identified to make sure that the outsourcers contractual commitments align with your expectations.
5) Explore government encryption keys access: China business laws may require access to encryption keys used to send and receive data to other countries. Determine how this access will occur and its implications on your existing key policies and procedures.
6) Investigate security breach notification: inquire about the security breach process with issues that may emerge from inside China’s borders. If a physical or technical breach occurs, you will need to determine if government censorship will prevent or filter disclosure. This can impact you ability to remain compliant with regulations in other countries.
7) Develop sourcing awareness: provide your sourcing team with the information necessary to design your outsourcing contracts so that they align with your industry requirements appropriately. This can also provide them the tools necessary to identify an information security caution flag which will allow you to engage early in the contract process to assist in building security-aware agreements.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.