COMPLIANCE COUNSELOR
How secure is your managed service provider?
Linda Christie
05.16.2001
Rating: --- (out of 5)
How secure is your managed service provider?
By Linda Christie
Managed service providers (MSPs) offer expertise, trained personnel and
cost-effective solutions that allow IT departments to focus their
resources on core business initiatives. However, many companies are
simply afraid to outsource the management of their information
assets.
"Utilizing the services of an MSP does not mean you have to
compromise security," said Allen Vance, director of Offer Development
in the Managed Security Services business unit of Internet Security
Systems (ISS), a leading provider of security management solutions
for the Internet. "To minimize security risks as well as ease the
concerns of shareholders, you can request a security audit be
conducted by a trusted security auditor, just like you would request
a financial audit from a reputable accounting firm."
In addition to interviews and walk-though inspections, security
auditors employ a number of automated tools that can detect network
security problems as well as recommend fixes. A vulnerability scan,
for example, checks firewall configurations, password strength and
operating system configuration, as well as looks for unknown or
unauthorized devices attached to the network, remote control
applications and signs of intruder infiltration, including sniffer
and back-door programs. A report rates each vulnerability low,
medium, or high risk and suggests fixes.
"The audit should include both external and internal assessments,"
Vance said. "The external assessment looks at the network perimeter
-- firewall, router, Web servers, etc. -- from the hacker's eye view
via the Internet. The vulnerability scan is performed internally,
behind the firewall. In addition, you may want to request a
penetration test - with the MSP's permission. During a penetration
test, security experts literally try to hack into the network and
take information to prove they got there."
After the service provider implements needed remedies, Vance
recommends another scan be performed. "The MSP may not allow you to
see the detailed security report because it may contain proprietary
security information. However, you can request a security risk
analysis report from the independent auditor. Depending on the level
of security needed, some companies require vulnerability assessments
on a monthly basis."
About the author
Linda Christie is a contributing editor based out of Tulsa, Okla.
Related book
Information Security Management Handbook, Fourth Edition, Volume Two
Author : Harold F. Tipton
Publisher : CRC Press
ISBN/CODE : 0849308003
Cover Type : Hard Cover
Pages : 640
Published : Oct. 2000
Summary:
The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly. Information Security Management Handbook, Fourth Edition, Volume Two is an essential reference for anyone involved in the security of information systems.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
