Educause Security Discussion mailing list archives
External Consultants
From: "Taylor, James R" <JimTaylor () MISSOURISTATE EDU>
Date: Thu, 31 Jan 2008 13:33:41 -0600
We will be issuing an RFP for an external consultant to assess our overall information security. Since not all consultants will have expertise in the areas we will specify for review, we are considering a "modular" approach which would allow them to bid on the areas they want, a la carte. Has anyone used this approach?

Also, we would like our consultant to be listed on the PCI Security Standards Council's "Qualified Security Assessors" list (https://www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf) to get a stringent enough assessment to cover all compliance issues (PCI, HIPAA, FERPA). Past posts on this forum have named consultants but only two (Jefferson Wells and NetSPI) were on the PCI list. Has anyone had experience with others on the list?

As you might have guessed, we are looking for the best bang for the buck. I would like to know if we might be opening a can of worms by possibly having multiple vendors provide an assessment, and if we are unnecessarily restricting ourselves to vendors on the "Qualified Security Assessors" list.

Thanks for any help that can be provided.

__________________________
Jim Taylor GISP, GCIH, GCFA
Technology Projects Coordinator
Computer Services
Missouri State University
417-836-5226
http://computerservices.missouristate.edu