Educause Security Discussion mailing list archives

Re: What companies do a good security audit/review


From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Fri, 14 Mar 2008 09:56:01 -0400

Hi Mark,

Are you considering a technical review, risk assessment, or compliance
audit (or a combination)? Each one can be considered a discrete
evaluation, and LOTS of firms (to include mine) offer these services.
Each firm also has their strengths and weaknesses, and can offer
different experience or perspective.

Have you defined what the products or deliverables are to be from the
assessment, and do you need the products to support other IT security
requirements?

 

Happy to discuss more off-list, if desired. 

 

Cheers,

James A.St.Clair, CISM, PMP 
Sr. Manager 
Global Public Sector 
Grant Thornton LLP 
(703) 637-3078 (office) 
(703) 727-6332 (mobile) 
(703) 837-4455 (fax) 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Berman
Sent: Friday, March 14, 2008 8:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: What companies do a good security audit/review

 

Hi all,

 

I am trying to send out an RFP for a security review/audit here at
Williams. I have a couple of consulting companies that I've heard good
things about whom I will include in the RFP distribution, but I would
like a wider selection. The two I know about now are Bearhill and
Akibia. I've heard through the grapevine that many companies that do
this kind of work are not doing a very good job due to personnel
constraints (too much demand for security experts these days). 

 

SO: Do you know of any vendors that I should include on my list? Any
vendors I should specifically NOT include? Any negative word on the two
companies I already have on my list (negative because what I've heard so
far is positive).

 

Any help will be much appreciated.

 

 - Mark

--

Mark Berman, Director for Networks & Systems

Williams College, Office for Information Technology
