Originally posted here by Tiger Shark
SS2:



Sorry, the "yawn" was directed at political correctness in general, not at you personally. I'm just getting a bit fed up of political correctness.... A spade is still a spade no matter what you call it.
Undoubtedly, but screw it up and you will DoS yourself.... Been there....
Goes without saying really.
I'm about as far from PC as you can get. I'm afraid my point here was missed.


Er.. The risk assessment should dictate the level of protection needed by a company and therefore its cost. If we are talking about Joe's Bait Supply that has no "secrets" on the network, 4 workstations and no public services then an IDS is not warranted - A simple firewall blocking all external access is all that is really required along with automatic updating of patches immediately they come available and functional AV.

You seem to be treating IDS as an essential item, which it is not. However, if it is warranted then the vast majority of the cost goes towards an admin capable of implementing, managing and interpreting the system. Fail to have that admin and the IDS becomes a nice anchor.
Wait, in your 1st post, you said
"Some form of IDS is absolutely necessary."
I don't remember saying anything was essential.


That's a given. But our supervisors see our employees daily. They inform me if they have concerns about any given employee and they go on the "Watch List". I can't see your employees managing my IDS. I have no idea whether they are happy or not and I sure as hell can't monitor their activity..... Even though they have all the information they need to compromise my network. Sorry, but that contravenes the most basic rule of any kind of security - limit access and knowledge to _only_ those who require it. If you have secrets worth keeping then, from a security standpoint, you are better off hiring in a specialist than outsourcing and giving them the "keys".
Limited access can be properly afforded to a contractor.
EXAMPLE:
Northrop Grumman is a contractor I do business with.
They are a very large contractor doing business with very large companies.
We do work up there in Battle Creek for DLA/DLIS via NG.
Although you allude to ma and pa type of work, this is not my main point of reference.
We do however try not to forsake the little guy.
We will do honest business with whomever.

You are in the business to make money.
Yes and if I didn't have to work, I would be in Belize fishing my life away.
While having to work, making money is a motivator. Guilty as charged.

I'm sure if you scrutinized all the contracts you hold and the implementations you have in place you would admit that there are a good proportion of customers who have been "over-sold" your products.... Because you could....
Oh jeeeze, not another contractor cliche...
It's a mistake to presume you know me or how I do business.
You often use words like "most".
My turn.
Most government agencies use contracted work. Very few direct hires.
Just because they are onsite does not mean they are not a contractor.

Most large companies use a percentage of contracted IT and that percentage is growing year to year.

I have a stack of RFPs defining companies' dissatisfaction with their current internal IT staff and are desperate to learn of alternatives.
I am not saying and have never said contracting is better or worse, only that it's a reality of my life.