
RE: Outsourcing information security

Subject: RE: Outsourcing information security
Date: Tue, 12 Jul 2005 12:39:00 +0530
Hi, 

Many organisations find it very expensive to recruit and retain a
full-fledged internal security team. A portion of work is taken internally and
some outsourced.

A dedicated internal security team, though small, has several benefits. This
demonstrates management commitment towards security and also serves as
single point contact for all security requirements - driving implementation
and also for monitoring and reporting status.

Risk assessment for new technology initiatives might require specialised
skill and is best outsourced. The outsourced vendor brings in specialised
technical skills and internal security team brings in knowledge of internal
requirements and constraints.

Routine operational work like managing anti-virus, security patch
management, reviewing IDS alerts and administration of Firewall (not
including rulebase approval) is best outsourced. The internal team needs to
have a person overseeing these operations and taking critical decisions
around these operations like for example approving a new firewall rulebase
and tracking virus infection levels.

The internal team can focus on updation of policies and procedures,
implementation and frequent audit. To ensure objectivity and to measure
adequacy of controls, outsourced service provider can be brought in for
occasional audit.

Jose Varghese
Paladion Networks

Application Security Magazine -- http://palisade.paladion.net
-----Original Message-----
From: Yuri [mailto:ybnair@gmail.com] 
Sent: Sunday, July 10, 2005 11:25 PM
To: jblackley@sysmatrix.net
Cc: security-management@securityfocus.com
Subject: Re: Outsourcing information security

Hi,

Is outsourcing Information Security a smart move? Rather than this why don't
train the inhouse team of professionals, which would be cost effective in
the long run. And above all to what extent can we trust third party sources
who test our networks?

Thanks
Yuri

On 5 Jul 2005 19:21:43 -0000, jblackley@sysmatrix.net
<jblackley@sysmatrix.net> wrote:
Ruslan,

'outsourcing information security' is a very large bite to digest. Can you
be more specific as to what aspects of information security you propose to
outsource?

John



--
Thanks & Regards
Yuri

