>> I think the hardest part about choosing a consultant is finding someone
>> you trust.
>
> From memory, one of the recent SANS documents states that current best
> practice is to do three audits a year, ...
> ... However, this could
> end up with 3 times the rubbish if you are not careful...

This will sound self-serving, and there's no helping that, but I don't mean
it to be.  It is true that security consultants are coming out from under
the woodwork. It is true that many large companies -- especially those who
provide audit services, companies who manufacture computers and produce
operating systems, and those who have previously done PC consulting -- now
advertise "Now we're also the Internet security experts!" And it is true
that some of these experts don't know much.

In any case you should ask for references and speak to the references. Go
with recommendations from others. If you use a large consulting firm, do
this for the individual they are assigning to the project, not just the
company itself. Then understand how much of this senior consultant's time
will be on your project vs the time of other more junior people. 


Fred
Avolio Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765
410-309-6910 (voice)            410-309-6911 (fax)
http://www.avolio.com/
