Security Basics mailing list archives
Re: ISP Security SLA's
From: "Mitchell Rowton" <mrowton () bdo com>
Date: Tue, 16 Mar 2004 12:33:37 -0500
It's hard to tell without a better idea of what kind of services they will provide. Are they just an ISP? One thing I always ask for while doing security evaluations of vendors is that they inform us of any possible security intrusions that could affect us. You would be surprised by how many vendors are reluctant to sign their name to this type of agreement. Of course you won't need to ask for this in California.... You could always throw in a bunch of sweeping generalities that are impossible to enforce (they will practice reasonable due diligence to maintain technical and administrative security controls to protect the confidentiality, integrity, and availability of your information). That way if they do something VERY stupid then you may have a leg to stand on.
"Spencer Hall" <SHALL () stvincentshealth com> 03/16 3:40 AM >>>
I am looking at incorporating security language in a contract with vendors that will be providing us with Internet access. Has anyone any ideas, thoughts or suggestions about incorporating some security requirements in addition to performance SLA's within the contract?

Spencer D. Hall
Sr. Network Analyst/HISO
St. Vincent's Medical Center
shall () jaxhealth com
Current thread:
- ISP Security SLA's Spencer Hall (Mar 16)
- Re: ISP Security SLA's steve (Mar 17)
- <Possible follow-ups>
- Re: ISP Security SLA's Mitchell Rowton (Mar 17)