The exponential rise in security incidents has caused many businesses to look hard at getting their own houses in order before they become the next headline. As part of those efforts, businesses are turning to security consultants to perform audits, penetration testing and other assessments of their systems. These are admirable activities, worthy of consideration by any prudent organization. But these engagements should be entered into with all the care that a business would use in any other transaction in which a third party is granted access to the company’s most sensitive systems and data. Unfortunately, this is seldom the case.
All too often, in their rush to move forward with these assessments, businesses fail to adequately address the most fundamental of contract terms. Cost overruns are common. In some instances, security consultants create more risk than they resolve.
In hiring a potential security consultant, businesses should consider the following best practices:
To continue reading this article register now