[unisog] Outsourcing security scanning (internal and external)

Greg Francis francis at gonzaga.edu
Fri Oct 7 08:00:39 GMT 2005

We are currently considering whether or not to outsource penetration 
testing from off-campus such that testing will be done frequently 
(monthly?) versus a periodic audit which we have already outsourced in the 
past. We're also considering outsourcing the same functionality except on 
the inside of the firewall.

At present, we do some scanning with NMAP and Nessus but there are 
concerns from management that our efforts are inadequate and our 
reliability is low. We are making improvements but I question how much we 
should focus on that area if it's going to be outsourced anyway. Our CIO 
thinks that outsourcing both tasks may be more cost effective and appease 
management more.

Are there any schools out there that have outsourced either external 
scanning? If so, how frequently is the scanning done? Do you have a vendor 
that you recommend and what is their general cost?

Any input is highly appreciated.


Greg Francis                                Gonzaga University
Sr. System Administrator                    Spokane Washington
francis at gonzaga.edu                         509-323-6896
