Post from Bruce Schneier on SIMS and outsourcing

Oct 21st, 2004

Comments: 0
Category: General Security

Post from Bruce Schneier on SIMS and outsourcing

There’s an interesting post over at Schneier on Security: Security Information Management Systems (SIMS).
This post touches on 2 current security issues, firstly managing the ever growing amounts of security-related log information and secondly the outsourcing of security related tasks.
On the subject of the use of outsoucers for security monitoring, I must say that I’m not wholly convinced that passing the information to a 3rd party is the best way to handle it. My reservations centre around the fact that someone who doesn’t work for an organisation has a lot less information on which to base decisions relating to the information being analysed.
For example an internal log monitoring team will likely have more information about projects occuring within the company, and the location and roles of IT and other departments, which would help them decide whether a pattern of information in a log is an attack or just the result of a new service that’s being tested.
In the large organisations I’ve seen it can be enough of a challenge for someone working for the company to know what’s going on, on the network, for an outsider it can be next to impossible…..

Add a comment

Your email address will not be shared or published. Required fields are marked *