Educause Security Discussion mailing list archives
Re: What companies do a good security audit/review
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Fri, 14 Mar 2008 09:56:01 -0400
Hi Mark, Are you considering a technical review, risk assessment, or compliance audit (or a combination)? Each one can be considered a discrete evaluation, and LOTS of firms (to include mine) offer these services. Each firm also has their strengths and weaknesses, and can offer different experience or perspective. Have you defined what the products or deliverables are to be from the assessment, and do you need the products to support other IT security requirements? Happy to discuss more off-list, if desired. Cheers, James A.St.Clair, CISM, PMP Sr. Manager Global Public Sector Grant Thornton LLP (703) 637-3078 (office) (703) 727-6332 (mobile) (703) 837-4455 (fax) ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Berman Sent: Friday, March 14, 2008 8:06 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: What companies do a good security audit/review Hi all, I am trying to send out an RFP for a security review/audit here at Williams. I have a couple of consulting companies that I've heard good things about whom I will include in the RFP distribution, but I would like a wider selection. The two I know about now are Bearhill and Akibia. I've heard through the grapevine that many companies that do this kind of work are not doing a very good job due to personnel constraints (too much demand for security experts these days). SO: Do you know of any vendors that I should include on my list? Any vendors I should specifically NOT include? Any negative word on the two companies I already have on my list (negative because what I've heard so far is positive). Any help will be much appreciated. - Mark -- Mark Berman, Director for Networks & Systems Williams College, Office for Information Technology *** Please consider the environment before printing this message -------------------------------------------------------- In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under the Internal Revenue Code. -------------------------------------------------------- This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender immediately and delete the material from any computer.
Current thread:
- What companies do a good security audit/review Mark Berman (Mar 14)
- <Possible follow-ups>
- Re: What companies do a good security audit/review Sealey, Adam L. (Mar 14)
- Re: What companies do a good security audit/review St Clair, Jim (Mar 14)
- Re: What companies do a good security audit/review Bruhn, Mark Steven (Mar 14)
- Re: What companies do a good security audit/review Bob Bayn (Mar 14)
- Re: What companies do a good security audit/review John Ladwig (Mar 14)
- Re: What companies do a good security audit/review Bruhn, Mark Steven (Mar 14)
- Re: What companies do a good security audit/review Darwin Macatiag (Mar 14)
- Re: What companies do a good security audit/review Ced Bennett (Mar 14)
- Re: What companies do a good security audit/review Jim Dillon (Mar 14)
- Re: What companies do a good security audit/review Ozzie Paez (Mar 14)