Educause Security Discussion mailing list archives
Re: External Consultants
From: Willis Marti <wmarti () TAMU EDU>
Date: Thu, 31 Jan 2008 13:58:20 -0600
Taylor, James R wrote:
I would like to know if we might be opening a can of worms by possibly having multiple vendors provide an assessment, and if we are unnecessarily restricting ourselves to vendors on the “Qualified Security Assessors” list.
We are using an external consultant from AT&T on an architecture assessment task; it's good to get an external view. I think the QSA is an unnecessary restriction. It doesn't buy you more skills, just a different lens. Requiring CISSP and, optionally, CISM is more likely to point to good value.
-- Cheers, Willis Marti Director & CISO Networking and Information Security Texas A&M University
Current thread:
- External Consultants Taylor, James R (Jan 31)
- <Possible follow-ups>
- Re: External Consultants Willis Marti (Jan 31)
- Re: External Consultants Sherry, Cathy (Jan 31)
- Re: External Consultants Doug Markiewicz (Jan 31)