Managed Security Services Best Practices
Gain practical guidance from leading users, analysts and experts on how to successfully scope and implement Managed Security initiatives and projects. Includes implementation examples, guidance, checklists, mistakes and tips.
| Security, Storage Give Rise to Managed Services |
| Five tips to successful Managed Security Services: 1. Make a list of the five high-level characteristics of your security environment, then ask to speak with customers whose IT, business and even geographical environment closely mirrors yours. Tend to the basics: Put someone in charge, involve all the stakeholders and bring in the procurement team early. 2. Clearly define the terms of your agreement up front. Service-level agreements should include metrics for availability and response times for alerts, changes and prevailing threats on the Internet. 3. Clearly identify the vendor team that will look after your environment and make sure the people assigned to your account are experts in the issues important to your organization. Work out in advance when these experts are on call, because not all security operations centers are equally staffed at all times. 4. Going local has its benefits. Because communication is so important in security, companies often find having a local security operation makes more sense than signing up with the central center. 5. Establish regular reviews. Metrics-driven organizations increasingly want to do this quantitatively. Other organizations may seek qualitative reports of issues and actions taken. Augment this with regular status meetings, typically every two weeks. |
| Paul Stamp, Forrester Research |
| Myth or Truism? Security Experts Judge Conventional Wisdom |
| "People are risky, whether they get a paycheck signed by you or one signed by the outsourcer. Focus on how those people are hired, how they are trained, how they are monitored, and how they are audited - not on who signs their paycheck. Often, an outsourcer has more security measures in place than you do." |
| Bruce Schneier, British Telecom |