need an outsourced managed security vendor
backdoors, Career development, Compliance, CRM, Current threats, Disaster Recovery, Firewalls, Forensics, Hacking, human factors, Incident response, Intrusion management, Laws, Network security, Outsourcing, Policies, Regulations, Risk management, Security, Security Program Management, Spyware, standards, Trojans, Vendors, Viruses, VPN, Wireless, worms
Looking at a managed security service provider that can help with GLBA regulatory requirements
Software/Hardware used:
Software/Hardware used:
ASKED:
November 28, 2005 2:49 PM
UPDATED:
December 19, 2005 10:17 AM
Answer Wiki:
Depending on the breadth required, we have used SunGard Availability Services. There are smaller vendors for SME market as well that we've used on a case by case basis.
To see all answers submitted to the Answer Wiki: View Answer History.
Joesph,
Layer 9 will be happy to help you with securing your network, and assiting with your Gramm-Leach-Bliley compliance.
You can reach us toll free at 866-369-8999 or email me at cw@layer9corp.com. Also feel free to visit our website at http://www.layer9corp.com or http://www.layer9corp.net
Chris Weber
Layer9corp.com
P.S While normally they frown on consultants offering their services here, since that IS your question, I trust it is ok to respond to it.
There are many security consultancies in the market who offer this type of service. You need to be sure that you will be happy with the one you choose as you are going to be giving them access to everything you have warts and all. The cheapest will not necessarily be the best so you will have to carry out a vendor selection exercise. However, before you do sit down and document exactly what you want to achieve and the scope of the work involved. This will avoid misunderstandings later. A good staring point would be to speak to your network of security colleagues and create a list of potential partners from recommendation. That way you will be able to prove to your board that you have been diligent when you recommend spending what will be a significant sum.
Joseph,
I currently use Counterpane (www.counterpane.com) as my primary security vendor. I can only say good thisng about them, from the weekly, monthly and quarterly reports that they generate for us. Check them out, you never know…
We use Cybertrust and are very happy with them.
Joseph,
I am not sure where you are located, or if that is relevant, but I have worked extensively with a company called Balanced Trust. All they do is regulatory compliance so this would be right up there alley.
I hope this helps…
Mike
Thank you for your help…This is great!
One more question…someone suggested SecureWorks…anyone know anything about them?
SecureWorks is an atlanta based company. I am with an association of financial institution infosec managers (CUISPA). Many of our members use SecureWorks and report favorably about their service. We’ve also heard good things about are Counterpane. I will comment that your request to meet GLBA is a broad comment. Any vendor will “theoretically” meet GLBA. GLBA is vague in its wording. You wont find a single MSSP that will say they do not satisfy GLBA. But, if you are in a regulated industry and concerned about compliance you may want to look at the specifics of other regulations that effect GLBA. If you are with a financial insitution, one of the big issues is 3rd party vendor due diligence (making sure all of your vendors are doing what they should to safeguard any data they have access to). Therefore pick a vendor that is well known and reputable.
my 2 cents