I apologize for discussing this topic on this list. I felt that this is the most appropriate list to discuss this subject: I have been "un-officially" the security professional for our organization for a few years now. I have began to implement a security infrastructure for our organization. I soon expect to be officially assigned the title. I will be making a presentation to our Data Processing board in the next month regarding security in our organization and plan on addressing the following issue in my presentation: I am aware that they want to hire outside consultants to perform the security tasks in our organization. Due to the size of our organization, the Data Processing board is not aware of what has already been implemented regarding security in our organization. I don't intend this to be a flame-war, however, I am seeking input as to what other organizations are doing regarding security professionals hired inside the organization versus hiring outside consultants to perform these tasks. I feel there should be some combination (balance) of inside security professionals developing and maintaining a security infrastructure and outside consultants doing period security audits. I am seeking input from my peers on the list as to how they feel about inside security professionals versus outside security professionals or some combination thereof. I am trying to gain a consensus on this subject. Your input and justification is greatly appreciated. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
