Questions tagged [outsourcing]

11 questions
11 votes, 4 answers

What should I ask a prospective security consultant?

What should I ask a security consultant to see if they are legitimate or not? I'm looking to hire someone to perform an assessment, but I'd like to make sure that someone is reputable first.
SLY
7 votes, 3 answers

What are the pros and cons of outsourcing an organization's PKI?

I am looking for the pros and cons of outsourcing an organization's Public Key Infrastructure (PKI). I understand that the answer to whether or not to actually outsource is going to depend on the environment and the organization. What are the risks…
5 votes, 5 answers

Outsourcing software development and its effect on security

Some companies build their own software. Others outsource software development by hiring contractors or other companies to build software they need. When we need to build new custom software, is there any evidence whether the choice to develop…
D.W.
5 votes, 3 answers

What to consider in an SLA to ensure secure software when outsourcing software development?

To ensure secure development in the offshore team, what are the considerations to be taken into account in the SLA? I got this as a reference: http://www.it-director.com/enterprise/technology/content.php?cid=10427 Does anyone have any templates and…
Epoch Win
4 votes, 2 answers

What questions should I ask a vendor that provides hosted encrypted email?

I am evaluating a service provider that performs the following functions with email: A user logs in to a web based application over an SSL connection. Email is composed in a web browser over the SSL connection. The email is then sent to the…
Wesley
2 votes, 4 answers

Does outsourcing infrastructure services reduce risk (and improve security)?

I've been on a kick mentioning to particular clients to quit managing their own DNS, email, blogging platform, file transfer setup, etc. This from observing how poor they are at practicing good defense (e.g. promptly applying security patches) and…
Tate Hansen
2 votes, 4 answers

How should one manage authentication on custom line of business software

I am writing line of business software for a company, and we want to authenticate users, so we can manage workflow and do some auditing. Basically my employers don't want me to piggyback off of Windows authentication because of certain network…
ExitMusic
2 votes, 1 answer

Do I have to comply with PCI DSS for bank transfers?

The company I work for is looking forward to making an online store for wholesalers (t-shirts, muggles, office co-branded supplies, etc.) but we don't store, process or transit any card data. The process is as follows: the user gets to our website,…
Alan
1 vote, 0 answers

Implementation of SQL "LIKE" Operator in Database Outsourcing

Recently, I read some papers about DB Outsourcing that implement aggregate functions over encrypted data. What I want to know is: is there a method in DB Outsourcing to implement the SQL LIKE operator that supports the queries include this for encrypted…
ThisIsMe
0 votes, 0 answers

Recognized complement to OWASP's ASVS requirements

The OWASP ASVS focuses on web-application verification. It is free and recognised worldwide as a good reference to build upon, or simply reuse. It is useful to use it when outsourcing web development. However OWASP does not provide similar…
niilzon
0 votes, 1 answer

What terms should I use to define security assessment work?

Possible Duplicate: What is the difference between a penetration test and a vulnerability assessment? I am tasked with hiring a consultant to do an analysis of our infrastructure security for a one-time project-based contract. I would like to…
sammarcow