- Not Anymore, Continued
- Known Vulnerabilities and Known Exploits
- Targeted Threats
- Critical Systems and Threats
- Regulatory Issues
- A Word About the Long Term: IPv6
- The Organizational Security Posture
- What Parts of Constant Vigilance Should I Outsource?
- What to Keep
- Who to Seek
- You Have Just Charted a Course: Let's Set Sail
Who to Seek
Constant vigilance is best undertaken by a party that has significant scale and that maintains a client base that spans your industry and the parts of the world in which your extended enterprise does business. On the technology side, there are some good local shops, but I recommend the strength in numbers and working with a Symantec, Redhat, or ISS. On the consulting side, going with a big four such as Deloitte, PWC, KPMG, or Ernst and Young, or one of the global consulting firms that has a strong security area (not just a pretty brochure, but lots of people and lots of R&D) is advisable, because they all have very structured approaches to security. In both cases, again, make sure that policies remain in your control and conduct an internal audit of your business requirements and an external audit of your third party at least annually.