Information Security Blog

April 6, 2015

IT Security Assessment Bids, the Good, The Bad and the Ugly

Tips, tricks and shortcuts for evaluating vendors of independent IT security assessments.

This information will help you better understand the bid in front of you and some possible outcomes as you work to shorten the stack of vendor responses. While the information is not intended to be all-encompassing, it should help with non-technical considerations. In no particular order, consider the information provided as a signpost at the crossroads of vendor choice.

Hypothesis for third-party validation of IT security: IT security is a specialty. Normal IT training, as good as it is, simply cannot deep-dive into all areas of IT security. Consider the IT hacker: the "bad guys" make their living or fame by capturing customer data or corrupting networks. They have nothing else on their plate. They are motivated, have ample time and patience, and in some cases are backed by endless resources. With so much at stake, an IT assessment should not be a clash between your IT department and the outsourced assessment vendor. By analogy, a primary care physician refers her cancer patient to an oncologist. Your IT specialist should be able to help you with a complicated environment; cooperate with them and use their findings as a tool for remediation and staff training. If your vendor is punitive in their approach to assessment, then you have the wrong vendor.


Authored By: Bill Brock