Every organization must answer the question of which functions in their information security program to outsource. When faced with that question, how do you decide what stays and what goes? What criteria would you evaluate your program against to mark certain functions off-limits? This session will focus on the scars and successes of others to flesh out best practices in security outsourcing.