Originally posted here by Tiger Shark


Budget is practically irrelevant. If you don't have the staff with a level of competence to be able to set up snort boxes, manage them and understand the output then the high priced fancy boxes will do nothing for the company except provide a false sense of security.

Outsourcing: See above.... and you are trusting someone else with your security.... Hope they don't disgruntle their employees 'cos it might be your butt going on the line.....

Budget is 100% relevant. Every entity shopping for a security solution will not all have the same needs with respect to which configuration is correct. It is not an all or nothing proposition. IS/IT risk management does not dictate this approach and I feel it is a UTOPIAN notion at best.

A small business can have properly configured systems and networking on a limited budget.
Nothing is ever 100% secure but you can limit risk and exposure.
I like to use the term "managed" instead of "outsourced".
Managed firewalls and IDS implementations are a fine choice for a small business and an
affordable/trustworthy management team can be found.

The risk of using a bonded security management company is not much different than trusting the heart of a company to a disgruntled internal IT team member.