Firewall Wizards mailing list archives
Re: Managed Security Metrics
From: Adam Shostack <adam () homeport org>
Date: Wed, 7 Mar 2001 11:44:44 -0500
On Tue, Mar 06, 2001 at 11:43:13AM -0500, Mike Smith wrote: | I'm looking for a service provider that covers more than firewall | management; it should offer internal IDS, anti-virus, content filtering | (incoming and outgoing), etc. Down the road, I may look for services like | password management, PKI management, maybe even integrated physical | security. I think you need to break these down; what do you really expect from each of them? For example, what do you want the content filtering to do? How intrusive can it be? What do you do about encrypted mail? SSL traffic? (I'm not a big fan of content filtering.) For AV stuff, I would contract for a maximum response time, the vendor to fix the machines damaged by viruses in the lapse-time, etc. For internal IDS, what do you expect to catch? Is it password guessing? Portscanning? Generally, IDS is still a fairly new field--you may want to look at the kind of advances coming in conferences like "Recent Advances in Intrusion Detection" to see what people think of as cutting edge.. Adam | My research tells me the SLA is the main way to tell what I'm getting for my | money and to compare providers. I expect the provider to have a service | that implements my security policy (after we jointly review, and update if | necessary, that policy to make sure it's appropriate and supportable with | the provider's offering; I expect the provider to give advice in that area | as part of the service). | | The SLA is also my contract. It defines "good" service, and ideally defines | rebates (to me) or penalties (to the provider) if the service isn't "good." | But "good" has to be objective and the provider has to be able to | demonstrate that it was "good" during a given reporting period. | | Mike Smith | | -----Original Message----- | From: Adam Shostack [mailto:adam () homeport org] | Sent: Monday, March 05, 2001 6:01 PM | | I think that theres a lot of process issues which are not easily | quantified. For example, I want to know that an account will be shut | off within 5 minutes of a lost token report, but more than that I want | them to go through a list of accounts quarterly to ensure that there | is a known, employed user using the account. | | I'd like to see log monitoring, a guaranteed response time to | certain classes of events eg, any user not on a shortlist becoming | root leads to a phone call that connects with my escalation tree | inside of 15 minutes. | | Perhaps you can make the question more specific: What are you trying | to protect? What is the service selling you? Is it "firewall and in, | end-to-end security?" Is it firewall log monitoring? | | | On Mon, Mar 05, 2001 at 01:37:10PM -0500, Mike Smith wrote: | | So I'm back to asking, what are suitable, measurable criteria for judging | | the quality of my security service provider's performance? | | | | Mike Smith | | _______________________________________________ | firewall-wizards mailing list | firewall-wizards () nfr com | http://www.nfr.com/mailman/listinfo/firewall-wizards -- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Managed Security Metrics, (continued)
- Re: Managed Security Metrics R. DuFresne (Mar 06)
- Message not available
- Re: Managed Security Metrics Marcus J. Ranum (Mar 06)
- IP Spoofing and counter measures Tib (Mar 09)
- Re: IP Spoofing and counter measures Ryan Russell (Mar 11)
- RE: Managed Security Metrics Bob . Eichler (Mar 05)
- RE: Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics Adam Shostack (Mar 06)
- RE: Managed Security Metrics R. DuFresne (Mar 06)
- Re: Managed Security Metrics shawn . moyer (Mar 06)
- RE: Managed Security Metrics Mike Smith (Mar 06)
- Re: Managed Security Metrics Adam Shostack (Mar 09)
- RE: Managed Security Metrics R. DuFresne (Mar 09)
- RE: Managed Security Metrics Crumrine, Gary L (Mar 07)
- Re: Managed Security Metrics Jack McCarthy (Mar 07)