Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Managed Security Services

from [James McGee] Network Security [Permanent Link]
Subject: Managed Security Services
Date: Mon, 6 Dec 2004 20:58:44 -0000 
Hi

My current client had an audit requirement to implement a IDS infrastructure
a while ago so did, along with an any-any-any allow firewall!  They did not
have the skills in house so outsourced this to a 3rd party.  This went fine,
until I came in and the first thing I did was to remove the any-any-any
allow, and start putting in a proper rulebase.

The thing is, the number of changes we now have to make to the firewalls
make the managed service seem pointless.  We are putting more than enough
work for at least one FTE their way and are paying for changes on an hourly
basis (expensive!)

Does anyone have any numbers available for when outsourcing a security
service is viable and when it should be done in house?

I know there are dozens of variables here, but the general question is how
static should your rulebase be before you outsource the management of it
(well the hardware software and support)?

Thanks



James
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [unisog] RE: Outside Penetration Testing and FERPA, GREGORY SEIBERT
Next by Date:  Quest for INFOSEC stats, Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA
Previous by Thread:  Re: [unisog] RE: Outside Penetration Testing and FERPA, GREGORY SEIBERT
Next by Thread:  Re: Managed Security Services, Rainer Duffner
Indexes:  [Date] [Thread] [Top] [All Lists]