[unisog] Outsourcing security scanning (internal and external)
francis at gonzaga.edu
Fri Oct 7 08:00:39 GMT 2005
We are currently considering whether or not to outsource penetration
testing from off-campus such that testing will be done frequently
(monthly?) versus a periodic audit which we have already outsourced in the
past. We're also considering outsourcing the same functionality except on
the inside of the firewall.
At present, we do some scanning with NMAP and Nessus but there are
concerns from management that our efforts are inadequate and our
reliability is low. We are making improvements but I question how much we
should focus into that area if it's going to be outsourced anyway. Our CIO
thinks that outsourcing both tasks may be more cost effective and appease
Are there any schools out there that have outsourced either external
scanning? If so, how frequently is the scanning done? Do you have a vendor
that you recommend and what is their general cost?
Any input is highly appreciated.
Greg Francis Gonzaga University
Sr. System Administrator Spokane Washington
francis at gonzaga.edu 509-323-6896
More information about the unisog