Hello everyone. I am looking for opinions on a few subjects. Care to
1) Justification comments concerning what value is added when they buy in
to purchasing and deploying threat management techniques and hardware?
2) At which point do you think you have fulfilled due diligence
requirements when employing firewalls, IDS, Usage tracking etc.?
3) Outsourcing. Does it make sense? Is there an expectation of good
return on your investment? Are they trustworthy?
4) Periodic review/certification of systems. Are they a necessary evil?
How often should they be accomplished?
Thanks in advance. I appreciate your ideas