Educause Security Discussion mailing list archives
Outsourcing security scanning (internal and external)
From: Greg Francis <francis () GONZAGA EDU>
Date: Fri, 7 Oct 2005 01:00:39 -0700
We are currently considering whether or not to outsource penetration testing from off-campus such that testing will be done frequently (monthly?) versus a periodic audit which we have already outsourced in the past. We're also considering outsourcing the same functionality except on the inside of the firewall. At present, we do some scanning with NMAP and Nessus but there are concerns from management that our efforts are inadequate and our reliability is low. We are making improvements but I question how much we should focus into that area if it's going to be outsourced anyway. Our CIO thinks that outsourcing both tasks may be more cost effective and appease management more. Are there any schools out there that have outsourced either external scanning? If so, how frequently is the scanning done? Do you have a vendor that you recommend and what is their general cost? Any input is highly appreciated. Thanks, Greg -- Greg Francis Gonzaga University Sr. System Administrator Spokane Washington francis () gonzaga edu 509-323-6896
Current thread:
- Outsourcing security scanning (internal and external) Greg Francis (Oct 07)
- <Possible follow-ups>
- Re: Outsourcing security scanning (internal and external) John Kemp (Oct 07)
- Re: Outsourcing security scanning (internal and external) Sarah Stevens (Oct 07)
- Re: Outsourcing security scanning (internal and external) Greg Francis (Oct 07)
- Re: Outsourcing security scanning (internal and external) Valdis Kletnieks (Oct 07)
- Re: Outsourcing security scanning (internal and external) Valdis Kletnieks (Oct 07)
- Re: Outsourcing security scanning (internal and external) Greg Francis (Oct 08)