Tips for Outsourcing Your Assessment Needs

Computerworld - When it comes to your networks, there's no such thing as being too safe. Organizations with even a limited Internet presence can be targeted by hackers or hit with viruses, Trojan horses and other malware. Threats don't all originate from the outside, however. Companies of all sizes have seen network damage caused by either careless or outright vengeful employees. Whether the result of intended attacks or innocent activity such as unwittingly downloading an infected application, such damage to an organization can be significant and nasty. With the number of software vulnerabilities increasing dramatically, legislatures are trying to keep pace by enacting laws to maintain or bolster security. Some organizations are finding it a challenge to remain abreast of new laws and ahead of new malware.
Enter vulnerability assessments. VAs allow organizations to pinpoint more accurately where their networks are likely to be weakest. They typically look for vulnerabilities in your organization's IT environment and include several tests on your computers (desktops as well as laptops), your network and your Web applications. Test results will allow your IT staff to correct any weaknesses through reconfiguration or patching as needed.
Each organization must determine whether to have the VA performed by internal staffers or to outsource that service. Having an outside firm perform the VA may be more costly, but it can provide results more quickly and often with more accuracy.
As an alternative, some businesses opt for a middle ground where some portion of the assessments are performed in-house, with the rest left to an outside provider. For example, a professional could design the right protocol for your organization's needs and then train your company's own IT staff to take over those duties in the future.
A combination approach can set specific projects in motion quickly (with outsourcing), leaving follow-up and ensuing projects to your in-house team.
VA as an in-house project will come at a price. The time spent training your staffers to learn the needed skills (which may be totally unfamiliar to them) will take them away from other tasks. If the company budget will allow that downtime, then training may be a good option.
Access to the IT professionals doing the training will be short-lived, however, and as the security environment evolves, your employees will need to be retrained in order to keep up.
Using outsourced professionals can relieve your employees from those added duties, allowing you to be more selective about the VA team members and how long you keep them on, and helping you stay within