Firewall Wizards mailing list archives
Re: Outsourcing Firewalls/Internet Security count
From: Bennett Todd <bet () rahul net>
Date: Wed, 3 Dec 1997 10:56:43 -0800
1997-12-02-21:10:59 Edward Cracknell:
1997-12-02-02:20:52: Adam Safier:How many people received a query or had a chief security officer CIO express an interest outsourcing their Firewall / security management?All of us....and the general opinion is that this is a good thing.
Speak for yourself; I've never personally heard such a request, and regard it as a horrible thing, for a couple of reasons. The first one is, you shouldn't be extending that sort of trust outside your own organization; this is the most obvious and trivial reason. But a deeper and more urgent concern is that the _hard_ part of firewall and security management is critically intertwined with the heart of business management. The only way to make the right decisions for security management, and to have the authority to enforce those decisions, is to start with a security policy. Writing and maintaining that security policy is the most important responsibility for security administration, it's most of the work, and it's wildly inappropriate for outsourcing. Now it's true that some organizations don't have the expertise to get themselves squared away up front, and don't have sufficiently complex or fast-changing needs to require a full-time in-house expert. For them, I would not recommnd outsourcing security management, I'd recommend instead short-term consultant help to get 'em set up with in-house management. I've been known to do this for free --- if someone asks me how to get their little itsie companie hooked up to the internet, I talk to 'em about data comms alternatives and ISPs and so on, then I explain that if there's anything valuable on their computers, or if they're worried about having their computers trashed by vandals, they positively have to have a firewall, and if they can't afford say $10,000 to get it done right, I could set 'em up with a trivial firewall implementing a nice stock policy for free, they provide the old junker 486 PC. It's easy enough. -Bennett
Current thread:
- Outsourcing Firewalls/Internet Security count Safier, Adam (GEIS) (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Edward Cracknell (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count David HM Spector (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Adam Shostack (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Rick Low (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Larry J. Hughes Jr. (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Edward Cracknell (Dec 03)
- Outsourcing firewalls & InfoSec Ops - Part I/II Frank Willoughby (Dec 09)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 15)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II chuck yerkes (Dec 16)