Canadian Security Guards Forum

Canadian Security Guard Forum is...


The best forum about the Canadian security guard profession.

Please register on our forum and participate by sharing your experience and knowledge.

We welcome members and input from around the world.
Canadian Security Guards Forum

Discussions for private security officers and management, everything related to contract or full-time guard services.

Become a sponsor and place you 468 x 60 banner here.

Latest topics

» Hello from Toronto!
Sun Jul 16, 2017 12:29 am by kevinla

» Professionalizing security
Tue May 23, 2017 12:02 pm by PSKN

» Housekeeping Service Providers in Delhi
Mon May 08, 2017 1:45 am by nandnisharma

» Security Coffee
Fri Apr 14, 2017 10:46 pm by Admin

Become a sponsor and place you 125 x 125 banner here.

Managed security service

Share
avatar
StevenWS

Posts : 40
Points : 65491
Reputation : 0
Join date : 2013-12-23
Age : 50
Location : Alberta

Managed security service

Post by StevenWS on Sat Feb 15, 2014 1:07 pm

Six Categories of Managed Security Services[edit]
On-site consulting
This is customized assistance in the assessment of business risks, key business requirements for security and the development of security policies and processes. It may include comprehensive security architecture assessments and design (include technology, business risks, technical risks and procedures). Consulting may also include security product integration and On-site incident response and forensics.
Remote perimeter management
This service installs and upgrades the firewall, Virtual Private Network (VPN) and intrusion detection hardware and software, commonly performing configuration changes on behalf of the customer.
Product resale
Clearly not a managed service by itself, product resale is a major revenue generator for many MSS providers. This category provides value-added hardware and software for a variety of security-related tasks.
Managed security monitoring
This is the day-to-day monitoring and interpretation of important system events throughout the network, including unauthorized behavior, malicious hacks and denials of service (DoS), anomalies and trend analysis. It is the first step in an incident response process.
Penetration and vulnerability testing
This includes one-time or periodic software scans or hacking attempts in order to find vulnerabilities in a technical and logical perimeter. It generally does not assess security throughout the network, nor does it accurately reflect personnel-related exposures due to disgruntled employees, social engineering, etc.
Compliance monitoring
This includes monitoring event logs not for intrusions, but change management. This service will identify changes to a system that violate a formal security policy for example, if a rogue administrator grants himself or herself too much access to a system. In short, it measures compliance to a technical risk model.
The decision criteria for engaging the services of an MSSP are much the same as those for any other form of outsourcing: cost-effectiveness compared to in-house solutions, focus upon core competencies, need for round-the-clock service, and ease of remaining up-to-date. An important factor, specific to MSS, is that outsourcing network security hands over critical control of the company's infrastructure to an outside party, the MSSP, whilst not relieving the ultimate responsibility for errors. The client of an MSSP still has the ultimate responsibility for its own security, and as such must be prepared to manage and monitor the MSSP, and hold it accountable for the services for which it is contracted. The relationship between MSSP and client is not a turnkey one.[1]
An MSSP may offer any of the following services:

  • regular vulnerability assessments, whose reports are given to the client, and penetration testing[1][2]
  • management of the client's network firewall, including monitoring, maintaining the firewall's traffic routing rules, and generating regular traffic and management reports[1]
  • intrusion detection management, either at the network level or at the individual host level, providing intrusion alerts to a client, keeping up to date with new defenses against intrusion, and regularly reporting on intrusion attempts and activity
  • providing mitigation support after an intrusion has occurred, including emergency response and forensic analysis[1][2]
  • content filtering services, for electronic mail (i.e. email filtering) and other traffic[2]
  • data archival[2]

Although the organization remains responsible for defending its network against information security and related business risks, working with an MSSP allows the organization to focus on its core activities while remaining protected against network vulnerabilities.
Business risks can result when information assets upon which the business depends are not securely configured and managed (resulting in asset compromise due to violations of confidentiality, availability, and integrity). Compliance with specific government-defined security requirements can be achieved by using managed security services.[3]
Industry Terms[edit]

  • Asset: A resource valuable to a company worthy of protection.
  • Incident: An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an asset.
  • Alert: Identified information, i.e. fact, used to correlate an incident.

Managed Security Services for Mid-Sized and Smaller Businesses[edit]
The business model behind managed security services was commonplace among enterprise level companies, provided by large IT security experts. The model was later adapted to fit medium sized and smaller companies (SMBs - organizations up to 500 employees, or with no more than 100 employee at any one site) by the value-added reseller (VAR) community, either specializing in managed security or offering it as an extension to their managed IT service solutions.‘’SMBs’’ are increasingly turning to managed security services for a number of reasons. Chief among these are the specialized, complex and highly dynamic nature of IT security and the growing number of regulatory requirements obliging businesses to secure the digital safety and integrity of personal information and financial data held or transferred via their computer networks.
Whereas larger organizations typically employ an IT specialist or department, organizations at a smaller scale such as distributed location businesses, medical or dental offices, attorneys, professional services providers or retailers do not typically employ full-time security specialists, although they frequently employ IT staff or external IT consultants. Of these organizations, many are constrained by budget limitations. To address the combined issues of lack of expertise, lack of time and limited financial resources, an emerging category of managed security service provider for the SMB has arisen.
Services providers in this category tend to offer comprehensive IT security services delivered on remotely managed appliances or devices that are simple to install and run for the most part in the background. Fees are normally highly affordable to reflect financial constraints, and are charged on a monthly basis at a flat rate to ensure predictability of costs. Service providers deliver daily, weekly, monthly or exception-based reporting depending on the client’s requirements.[4]
See also[edit]

  • Information security operations center

References[edit]

  1. Jump up to:a b c d e Sudhanshu Kairab (2004). A Practical Guide to Security Assessments. CRC Press. pp. 220–222. ISBN 9780849317064.
  2. Jump up to:a b c d Brian T. Contos, William P. Crowell, Colby Derodeff, Dan Dunkel, and Eric Cole (2007). Physical and Logical Security Convergence. Syngress. p. 140. ISBN 9781597491228.
  3. Jump up^ [1] Outsourcing Managed Security Services
  4. Jump up^ [2] How to make the most of managed security services


Further reading[edit]

  • A blog about MSS Security Operations Center management
  • Amanda Andress (2003). "Managed Security Services". Surviving Security. CRC Press. pp. 353–358. ISBN 9780849320422.
  • Roberta Bragg, Mark Rhodes-Ousley, and Keith Strassberg (2004). "Managed Security Services". Network Security. McGraw-Hill Professional. pp. 110–113. ISBN 9780072226973.
  • C. Warren Axelrod (2004). Outsourcing Information Security. Artech House. ISBN 9781580535311.


_________________
Steven WS

http://www.lakelandsecurityservices.ca/

Torontosecurity

Posts : 77
Points : 62880
Reputation : 3
Join date : 2014-02-13

Re: Managed security service

Post by Torontosecurity on Wed Feb 26, 2014 10:15 am

In computing, managed security services (MSS) are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider (MSSP)[1] Also Managed security services (MSS) is a systematic approach to managing an organization's security needs. The services may be conducted in house or outsourced to a service provider that oversees other companies' network and information system security. Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. There are products available from a number of vendors to help organize and guide the procedures involved. This diverts the burden of performing the chores manually, which can be considerable, away from administrators.


_________________
http://www.torontosecuritycompany.ca/

Torontosecurity

Posts : 77
Points : 62880
Reputation : 3
Join date : 2014-02-13

Re: Managed security service

Post by Torontosecurity on Thu Mar 20, 2014 4:41 am

Managed security monitoring
This is the day-to-day monitoring and interpretation of important system events throughout the network, including unauthorized behavior, malicious hacks and denials of service (DoS), anomalies and trend analysis. It is the first step in an incident response process.
Penetration and vulnerability testing
This includes one-time or periodic software scans or hacking attempts in order to find vulnerabilities in a technical and logical perimeter. It generally does not assess security throughout the network, nor does it accurately reflect personnel-related exposures due to disgruntled employees, social engineering, etc.


_________________
http://www.torontosecuritycompany.ca/

ferrellforte

Posts : 7
Points : 60717
Reputation : 5
Join date : 2014-03-27

A clear definition for Managed security services

Post by ferrellforte on Fri Mar 28, 2014 2:22 am

In computing, managed security services are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider Also Managed security services is a systematic approach to managing an organization's security needs.
avatar
BryanM35

Posts : 111
Points : 43175
Reputation : 5
Join date : 2015-03-15
Age : 36
Location : San Diego, CA 92037

Re: Managed security service

Post by BryanM35 on Wed Apr 22, 2015 6:52 am

It is important to have managed security services for your property.security devices can help security guards to Identify, track and manage all visitors in buildings to ensure that visitors are safe and secure and visitor information is easy to access in real-time and can be exported and printed in case of emergency.

    Current date/time is Sun Jul 23, 2017 2:38 am