[logs] Log Monitoring and Device Management Nov 19 2007 01:59PM
saudi sans (saudisans gmail com) (1 replies)

We have currently outsourced security device[firewall, IDS and VPN]
log monitoring to a service provider.

Now we need to outsource the management of these devices like changing
firewall rulebase, updating firewall patches, fine tuning IDS
signatures etc.

Is it advisable to give this also to the same service provider.
Amongst the vendors I am evaluating this service provider has the best
people/SLA and price.

I want to know if I am violating any security principles by combining
monitoring and management by doing this ?Is this an acceptable risk?

If I have to go with same service provider what controls should I put
in place to minimise risk.

LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]

[ reply ]
Re: [logs] Log Monitoring and Device Management Nov 20 2007 09:16AM
pierre-mac pinel (pmpinel gmail com)


Privacy Statement
Copyright 2010, SecurityFocus