Guidelines for Choosing to Outsource Security Management - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: September 5th, 2008

Linux Security Week: September 1st, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Guidelines for Choosing to Outsource Security Management

User Rating:

How can I rate this item?

Source: CSO Online - Posted by Pax Dickinson

Outsourcing security is not appropriate for every organization. Some organizations will be better served by deploying and running security management and monitoring solutions. Your organization should use Gartner's Decision Framework to determine whether it is a candidate for MSSP services. It is important to be clear about your organization's expectation of a security outsourcing engagement, and to structure a service-level agreement that reflects those expectations.

When your organization decides that it needs active monitoring and management of its security infrastructure, it must then make the build vs. buy decision. This Decision Framework defines the capability and cost aspects necessary for making informed decisions about whether sourcing the management of an IT security perimeter to a managed security services provider (MSSP) is right for your organization.

You must understand the scope and boundaries of a potential outsourcing arrangement and determine the internal resources that will be required to achieve the desired level of security capability. Sourcing decisions must be based on an analysis of required security capabilities, current operational capabilities and cost.

Read this full article at CSO Online

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site.. Such material will be removed.
Name:
Title:
Comment:
Code:*

< Prev		Next >

Partner:

Latest Features

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Open Source Tool of February: Nmap!

Yesterday's Edition

Responds to Allegations That AppArmor is Dying

SELinux Memory Protections are Your Friend

Open Source Release Takes Linux Rootkits Mainstream

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital