Jericho Forum publishes infosec buyers’ guide

"It is not a definitive reference guide to buying security products, but is intended to give some key pointers about what to look at and some of the nasty questions to ask suppliers", says Paul Simmonds, co-founder and board member of the Jericho Forum.

The guide has been published to coincide with the Infosecurity Europe 2011 show at Earls Court, London from 19 - 21 April.

The guide lists things to consider before talking to suppliers, such as the current business priorities, strategy and collaboration plans.

Getting the basics right is important, says Simmonds, such as understanding what is on the network, what each device is, what state it is in, and who is responsible for managing it.

Going into a conversation with suppliers, he says, businesses should understand their connections with the outside world, how their users and partners interconnect to the business and its data, and where corporate data is used.

The guide lists things that are perhaps not on company networks that businesses should also consider from a security point of view, such as mobile devices the company does not own, but that consume corporate data.

A section of the guide is dedicated to questions that should be asked when implementing new solutions and what things to thing about to assess how well new systems will fit in with the existing IT infrastructure.

The guide includes top tips from chief information security officers, such as reviewing existing estates to eliminate old and obsolete products where possible.

"If you are ripping out competitor products, often vendors will offer extra discounts," the guide says.

There are key questions for businesses to ask themselves and prospective suppliers, and specific guidelines for outsourcing and using software as a service.

The guide includes advice on measuring the effectiveness of security, getting the most out of existing security investments, and guidelines on data protection.

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?