Computer Security Services and Training
Many information security consulting firms offer security services
and training, but it can be difficult for a client to differentiate
between them, especially when lacking any background in the
constantly-changing field of information security. The growing threat to
computer systems and networks from outside attackers and insiders means
that the need for information security services has never been higher.
So what should you look for when considering which computer security
company your organisation should hire?
To begin with, security services and training is an extremely wide
field, and needs to be narrowed down to specific offerings. For example:
what kind of services are priorities for your organisation's particular
situation, and which others are "nice to have" but not immediately
necessary?
In addition, what kind of training is needed by your particular staff in
your particular situation? If it were possible to produce an
off-the-shelf solution that would cover all situations, then someone
would have marketed one by now. But in fact both information security
services, and training services, need to be highly customised to the
particular needs of the client. This means that your organisation will
need to hire security services and training from a specialist
information security company.
What should you look for when
considering the offerings of competing firms? Having prioritised the
computer security services your organisation requires, you should start
with the following basic checks:
· Does the firm have a lot of experience in providing the given service (e.g. penetration testing, network monitoring, regular scanning, interim security management)?
· What qualifications and professional memberships are held by the people who will carry out the work?
· If there is potential access to sensitive data, have the professionals involved been checked for a criminal record?
· What references can they supply from past clients for this kind of service?
Another question to ask is whether the firm is currently providing this
service: the more clients it has for this service, the better. This is because
the field of information security is changing so fast that skills can
easily become out of date, unless there is ongoing involvement in a
related project.