Company-wide information security used to reside primarily in the realm of arcane technologies and technical staff. Today, enterprise security is an everyday concern from the corner office to the boardroom -- and financial services institutions are finding it increasingly difficult to manage security in-house.

Information security is often viewed as being too important to trust to an outsourcing arrangement. Financial institutions have reasoned that responsibility for security risks to and accountability of an institution, its board, and its management team cannot be placed in the hands of third parties. Yet with the information technology aspect of security growing in complexity and changing at an ever-increasing rate, new research from TowerGroup asserts that now is the time for financial institutions to consider outsourcing the IT portions of security. TowerGroup finds that managed security service providers (MSSPs) can often offer security best practices and maintain the high quality technological and human resources that many financial institutions simply cannot sustain internally.

With a synergistic approach to state-of-the-art security protocols, MSSPs working with financial institutions can establish a powerful and effective framework - rooting leadership for enterprise security programs within the institution while the actual security technology is managed by the MSSP. However for outsourcing to be effective, TowerGroup believes that the service provider and the institution must establish the right contractual expectations as well as a collaborative governance structure.

Managed security services (MSSs) can and should be incorporated into a financial institution's enterprise-wide, integrated risk management and regulatory regimen to maximize operational leverage. A graphic illustrating the ideal roles and responsibilities of each party in an outsourcing arrangement can be viewed and downloaded at: http://www.towergroup.com/research/content/page.jsp?pageId=1522

The TowerGroup report titled, "IT Security: Too Important to Outsource or Too Important Not To?," by Rodney Nelsestuen, senior analyst in the Cross Industry practice at TowerGroup, outlines why financial institutions should investigate outsourcing the IT portions of security.

At TowerGroup, Nelsestuen's research focuses on business and IT strategies, emerging trends, growth strategies and issues germane to the financial services industry. He covers topics such as improving customer experience, innovation, business process management, outsourcing, risk management, and cultivating ethnic and other emerging markets.

Members of the media may contact Jorge Lavina at 1.212.455.8041 or jlavina@cooperkatz.com to review the report and/or arrange an interview with Mr. Nelsestuen.

Sign up for bi-weekly newsletter, TowerGroup News, to stay informed on the latest research and events. To learn more, visit: http://ui.constantcontact.com/d.jsp?m=1101074606706&p=oi

About TowerGroup: TowerGroup is the leading advisory research and consulting firm focused on the global financial services industry. A respected source for trusted information and advice, TowerGroup brings many of the world's leading financial institutions, technology companies, and professional services firms a deeper understanding of the business and technology issues impacting their organizations. Headquartered near Boston in Needham, Massachusetts, and with offices in North America, Europe, and the Asia-Pacific region, TowerGroup serves a global client base. Visit http://www.towergroup.com/ for more information.

_______________________________________________________________

TowerGroup

CONTACT: Jorge Lavina for TowerGroup, 1-212-455-8041, or

jlavina@cooperkatz.com

Web site: http://www.towergroup.com/

http://ui.constantcontact.com/d.jsp?m=1101074606706&p=oi

© 2007 SYS-CON Media Inc.