- Not Anymore, Continued
- Known Vulnerabilities and Known Exploits
- Targeted Threats
- Critical Systems and Threats
- Regulatory Issues
- A Word About the Long Term: IPv6
- The Organizational Security Posture
- What Parts of Constant Vigilance Should I Outsource?
- What to Keep
- Who to Seek
- You Have Just Charted a Course: Let's Set Sail
What to Keep
When outsourcing, it is important to remember that you are mainly offloading faultnot risk. Although you have someone to blame should something go wrong, you must also arm yourself with unparalleled constant-vigilance resources and keep some elements of the process. When giving your constant vigilance over to a third party, remember to maintain control of the security policy that you created, which maps regulations and business requirements to threats and delivers a process whereby your organization reviews its constant vigilance in the virtual circle discussed earlier. In addition, you should routinely audit your third-party provider for response times and other key factors that figure into your program.