Security Management Strategies for the CIOAccess "Security services firms: When and how to choose the right consultant"
This article is part of the June 2007 issue of How to tell if you need the help of security integrators and consultants
Organizations are looking for security help, and integrators and consultants are often their first stop. With an aging firewall starting to cause network performance problems and under pressure to get it fixed fast, David Robinson was in dire straits. He needed some additional expertise, and decided to hire a local security services firm he'd heard about from colleagues in a CIO group. "We were taking apart the heart of our architecture," says Robinson, CIO at Lockton Companies, a Kansas City, Mo.-based insurance broker. "It had to be done right, it had to be done quickly and it had to be secure." He kept a close eye on the new consultants, but it didn't take long to know he'd found the right firm for the job. The FishNet Security professionals offered several options for replacing the firewall. They didn't bully or berate, but instead cooperated with his security staff and complemented them. Despite the complexity of the project, the new firewall was installed, tested and operational in three weeks, within budget. "They also helped us simplify our overall ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Security services firms: When and how to choose the right consultant
Learn when to hire a security services firm, how third-party consultants can help managers, how much it should cost and how to choose the right firm.
-
Product review: RedSeal Systems' RedSeal Security Risk Manager
Red Seal Security Risk Manager allows security administrators to model and manage threats to corporate assets and networks. This product review looks at how the risk management tool rates in effectiveness, ease of setup, reporting and overall quality.
-
Product review: nCircle Configuration Compliance Manager
nCircle Configuration Compliance Manager brings policy compliance and secuirty management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.
-
Product review: eEye Digital Security's Blink Professional 3.0
eEye Digital Security's Blink Professional 3.0 is a host-based multi-layered threat mitigation and intrusion prevention product for protecting Windows computers. This product reviews evalutes the software's effectiveness and management, policy control and reportinf features.
-
Security services firms: When and how to choose the right consultant
-
-
Product review: Unified threat management (UTM) devices
Unified threat management devices consolidate several network security functions into one product. This article evalutes six UTM appliances; each had to act as a firewall and virtual private network and provide antivirus, Web content filtering, intrusion prevention and antispam protection.
-
SIMs maturing and suitable for mid-market
Security information management systems (SIMs) tools have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.
-
Encryption key management blunders can render deployments useless
Encryption sounds like an ideal way to protect data but key management, including accountability, training, and enforcement of password complexity, are challenging.
-
Product review: Identity Engines' Ignition Server
Identity Engines' Ignition Server manages access controls across disparate directory services platforms (Active Directory, LDAP, eDirectory) by consolidating them into a single user store.
-
Product review: Unified threat management (UTM) devices
-
Columns
- Viewpoint: Blame software insecurity on project managers
-
PCI becoming overly complex and expensive
The Payment Card Industry Data Security Standard (PCI DSS) had admirable objectives but has lost its way. Today, compliance with the PCI standard is overly complex and costly.
-
Interview: FDIC director explains FFIEC standard
Michael L. Jackson, associate director of the FDIC, helped develop FFIEC, which aims to make online banking safer by forcing financial institutions to assess the risks in their environments and implement controls such as strong authentication.
-
Fellow practitioners are best security resources
Security professionals can reap benefits by joining a local user group or professional organization. Such groups provide a good way to network and a place to bounce ideas.
-
Apply manufacturing management techniques to information security
Total Quality Management is generally known as a manufacturing technique, but its selective use is helping to improve information security.
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...