to third parties, and the next logical step is to outsource
management of computer security incidents as well. This paper
describes a case study where we have studied several organizations
who are active in this space today. Our results indicate that
outsourcing of incident management is a viable security approach
for many organizations, but that transitioning between providers
frequently is a challenge.