This month's topic is what to look for when choosing an information security services provider for your organization.
Choosing an appropriate security service provider is not the easiest of tasks. Handing over the security of your networks, systems and data to someone else seems like a defeatist move or an acknowledgment that the threats are more than your organization can handle. The truth is that tapping into a security service provider might be the best way to protect your company and comply with the litany of corporate and government regulations. As a business, you must know what's on your network or in your systems and must clearly define how the provider is going to help your company meet its security and compliance needs.
A lack of in-house resources and expertise is most often the contributing factor for soliciting an outside consulting firm for these services. In the information security world, it's the high-stakes game of which came first, "the chicken or the egg." Most businesses don't feel that they possess the specialized and focused knowledge on their staff, especially with the rapidly growing number of issues and exposures currently at hand. They need to be concerned about who is trying to run a port scan against their systems, or whether the network contains ad bots or spy bots trying to communicate with the outside world. The ability to detect and avert downtime is crucial to any organization, but particularly in today's global economy. Outsourcing security can also save an organization money annually by cutting the cost of hiring full-time staff. Yearly security assessments of the products and services an organization uses are in line with the ISO17799 security framework guidelines and current best business practices. Industry estimates conclude that it costs about 50% less to outsource this expertise than it would to hire a security staff and buy the necessary technology.
Before opting to outsource any aspect of its security, a company needs to be able to clearly define all access points and data flows into its data infrastructure, and how the service provider will access and protect that information. Security, like any other service, must be managed, and that typically costs about 10% of the contract when you factor in the time and effort of your existing IT staff to do it.
There you have it. As your business grows, it becomes more and more evident that an eye must be kept on the exposures and liabilities that come with this growth and expansion. Security service providers can not only provide the skills needed to protect your assets, but also provide flexibility in how they are engaged. One word of advice: do your homework. Have the provider present your business with their firm's personnel and professional references and certifications.
To respond to this or previous newsletters or to inquire about an on-site presentation, please feel free to call us at 508-995-4933 or email us at mdesrosiers@m3ipinc.com.
More Articles by Michael Desrosiers
/MDesrosiers/security_services.html copyright December 2006 Michael Desrosiers All Rights Reserved