discussion or papers on Managed Security Services

[lonervamp at gmail.com (Michael Dickey)]

Does anyone have any whitepapers, resources, or even blog posts about the
case for or against third-party managed security services? I'm not opposed
to biased whitepapers such as a case for MSSPs from someone who offers the
service, but I would prefer something that takes a step back and sees both
sides. Rambling/ranting is ok, as are mailing list threads if I happened to
miss something here or elsewhere.
For some background, I'm not the biggest fan of managed security because of
my own interest in security; I don't want someone else watching my alerts
and making guesses for me. But I do realize for some organizations (such as
those lacking in-house security staff/expertise), it might be the best
option. I'm just looking for some opinions and viewpoints so I can advise "a
buddy," beyond just my own thoughts. This could be revolving around DLP, IPS
(both host and network), and SEIM/SIM products pulling in system and network
logs/events.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100105/098c4db7/attachment.htm