Security Basics mailing list archives
Re: ISP Security SLA's
From: "steve" <securityfocus () delahunty com>
Date: Tue, 16 Mar 2004 15:00:22 -0500
I have negotiated secure managed hosting environments and also gotten specific in the contract to detail what services they are providing. For instance including: firewall (dedicated or shared), packet level filtering, network and host intrusion detection, periodic penetration testing and vulnerability scanning, configuration and patch management.

I have seen a Master Services Agreement (MSA) with detailed information on what was to be provided for Managed Firewall Services, Managed Intrusion Detection Services, Vulnerability Assessment Services, and Penetration Testing Services. I can't freely send details of that MSA though. There was about a paragraph on each detailing exactly what was to be provided.

I have seen a security specific SLA from another vendor but it dealt more with uptime of their security management customer portal and notifications required to customers as well as policy changes.

----- Original Message -----
From: "Spencer Hall" <SHALL () stvincentshealth com>
To: <security-basics () securityfocus com>
Sent: Tuesday, March 16, 2004 3:40 AM
Subject: ISP Security SLA's

I am looking at incorporating security language in a contract with vendors that will be providing us with Internet access. Has anyone any ideas, thoughts or suggestions about incorporating some security requirements in addition to performance SLAs within the contract?

Spencer D. Hall
Sr. Network Analyst/HISO
St. Vincent's Medical Center
shall () jaxhealth com