Educause Security Discussion mailing list archives

Re: What companies do a good security audit/review


From: "Bruhn, Mark Steven" <mbruhn () INDIANA EDU>
Date: Fri, 14 Mar 2008 10:14:17 -0400

Depending on what you want, you may also identify a respected colleague from another like-institution, ask that person 
to put a team together, and have a peer review done?  I have said many times that we do not do enough of that, while 
handing a lot of money to companies that walk in with no clue as to higher education culture, environment, and 
operations.
M.

On 3/14/08 8:05 AM, "Mark Berman" <Mark.I.Berman () WILLIAMS EDU> wrote:

Hi all,

I am trying to send out an RFP for a security review/audit here at Williams. I have a couple of consulting companies 
that I've heard good things about whom I will include in the RFP distribution, but I would like a wider selection. The 
two I know about now are Bearhill and Akibia. I've heard through the grapevine that many companies that do this kind of 
work are not doing a very good job due to personnel constraints (too much demand for security experts these days).

SO: Do you know of any vendors that I should include on my list? Any vendors I should specifically NOT include? Any 
negative word on the two companies I already have on my list (negative because what I've heard so far is positive).

Any help will be much appreciated.

 - Mark
--
Mark Berman, Director for Networks & Systems
Williams College, Office for Information Technology
*** Please consider the environment before printing this message

Current thread: