I work for Icons and we do info security assessments for large and small, public and private organizations. We review network security and also have experts in application security. You can find more details at our website or send me email.
To briefly answer your questions from my perspective:
-look for certified experts (i.e. CISSP, CISA) who have significant experience in security and distributed computing with tech and management expertise
-penetration testing is necessary but not sufficient; look for folks who thoroughly review the security/app architecture
-make sure the assessment team has knowledge of your business/organization so they understand the criticality of various information/data
-we try to present our assessment findings to high level management(sometimes the board) to gain buy-in
-our team suggests performing quarterly assessments
Hope that helps -best of luck
Slashdot Mirror
I work for Icons and we do info security assessments for large and small, public and private organizations. We review network security and also have experts in application security. You can find more details at our website or send me email.
To briefly answer your questions from my perspective:
-look for certified experts (i.e. CISSP, CISA) who have significant experience in security and distributed computing with tech and management expertise
-penetration testing is necessary but not sufficient; look for folks who thoroughly review the security/app architecture
-make sure the assessment team has knowledge of your business/organization so they understand the criticality of various information/data
-we try to present our assessment findings to high level management(sometimes the board) to gain buy-in
-our team suggests performing quarterly assessments
Hope that helps -best of luck