Firewall Wizards mailing list archives
RE: Managed Security Metrics
From: "Mike Smith" <msmith () infinity-its com>
Date: Tue, 6 Mar 2001 11:43:13 -0500
I'm looking for a service provider that covers more than firewall management; it should offer internal IDS, anti-virus, content filtering (incoming and outgoing), etc. Down the road, I may look for services like password management, PKI management, maybe even integrated physical security.

My research tells me the SLA is the main way to tell what I'm getting for my money and to compare providers. I expect the provider to have a service that implements my security policy (after we jointly review, and update if necessary, that policy to make sure it's appropriate and supportable with the provider's offering; I expect the provider to give advice in that area as part of the service).

The SLA is also my contract. It defines "good" service, and ideally defines rebates (to me) or penalties (to the provider) if the service isn't "good." But "good" has to be objective and the provider has to be able to demonstrate that it was "good" during a given reporting period.

Mike Smith

-----Original Message-----
From: Adam Shostack [mailto:adam () homeport org]
Sent: Monday, March 05, 2001 6:01 PM

I think that there are a lot of process issues which are not easily quantified. For example, I want to know that an account will be shut off within 5 minutes of a lost token report, but more than that I want them to go through a list of accounts quarterly to ensure that there is a known, employed user using the account.

I'd like to see log monitoring, a guaranteed response time to certain classes of events, e.g., any user not on a shortlist becoming root leads to a phone call that connects with my escalation tree inside of 15 minutes.

Perhaps you can make the question more specific: What are you trying to protect? What is the service selling you? Is it "firewall and in, end-to-end security?" Is it firewall log monitoring?

On Mon, Mar 05, 2001 at 01:37:10PM -0500, Mike Smith wrote:
| So I'm back to asking, what are suitable, measurable criteria for judging
| the quality of my security service provider's performance?
|
| Mike Smith