E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


HOW AND WHEN TO USE AN IT SECURITY CONSULTANT

Source: E-Security Today

Posted on July 2, 2001

      No one has escaped the "softening" of the economy; most industry sectors have been affected. Not surprisingly, however, the security industry - although it certainly has taken a hit - seems to be holding its own. After all, technology is still big business, and organizations are increasingly concerned about the security of both their internal and external applications and e-business initiatives.

      But it's not always practical to accomplish all of your security objectives with in-house personnel. In fact, according to a "Smart Security" survey conducted last year by Smart Reseller magazine, more than 25% of solutions providers received at least one security-related call per week. And more than 60% received calls from customers looking for security help at least once a month.

      According to Eran Feigenbaum, senior manager in the security integration practice with PriceWaterhouseCoopers, there are many things to consider when investigating and selecting a security consultant for your project.

      "Security engagements generally fall into two categories," said Feigenbaum. "Customers need an assessment of security vulnerabilities or an actual implementation." Attacks and penetration of corporate networks, security reviews and vulnerability assessments top the list. Implementation assignments typically focus on PKI implementations, IDS or single sign-on. Firewalls and antivirus software have become more commoditized products and are no longer on the top of the customer list for consulting needs.

      The motivations for using consultants on e-business engagements that require strong security include the following: the consultant has specialized skills with products in the arena, the consultant can provide an impartial and objective assessment of the customer's needs, and consulting is a cost-effective method of getting security solutions installed. In addition, you can hold the consulting organization accountable, for the most part, for the results. So what do you look for when selecting a security consultant? Feigenbaum cites a number of important criteria.

      "The relationship with the customer is vital," says Feigenbaum. "Many large organizations have engaged with consulting organizations previously, and there's a rapport and trust that's developed that can't be discounted. You want a win-win relationship, with mutual respect and the ability to be honest, but yet accountable."

      In addition, it's extremely important that you research the specific capabilities of the consultant. They should have customer references that have contracted with the organization for similar implementations. Ask specific questions about how the consultant will handle project scoping, standards, knowledge transfer and resource changeover when the project is complete. Depending on the implementation, your infrastructure could be significantly affected, so buttoned-up project management by the consultant is critical.

      "It's possible that you can negotiate timeline penalties with your consultant in order to provide a 'guarantee' of sorts that the project will be completed on budget and on-time," comments Feigenbaum. "In addition, the consultant may propose the flip side: a bonus for completing the project on, or before, the deadline and below budget."

      "Of course, there are many things that should be red flags in looking for a security consultant," reports Bob Pritchard, RSA Security vice president of corporate development and partner marketing. "Don't always look for the integrator with the lowest project bid. Pay close attention to the compendium of experience of the consultant. And make sure they have taken the time to understand your business and your requirements."

      If the accountability between client and consultant is kept at a high level, the project scoping and tracking remain tight, and there are clear objectives and assumptions, using a consultant for your most important e-security implementations can result in a successful, and possibly long-term, partnership.





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

