ISSA and ISACA Membership and Other Means of Verifying the Quality of a Cyber Security Service

Most small businesses have as great a need for cyber security services as large corporations. Their problem is that they cannot afford to maintain large security departments, especially companies employing fifty persons or fewer. This is where many businesses that do not otherwise require a permanent IT staff turn to Managed Security Service Providers (MSSPs) to fulfill this function.

The pitfall lies in finding the right third-party service to entrust with the company’s most sensitive files. As in so many other areas of business, legitimate players and unreliable agencies compete in the same market. The latter are not fully qualified to handle the tasks they’re commissioned for. These operations may actually be worse than useless when it comes to the vital task of securing one’s data.

The functions of an MSSP include the management of intrusion detection, setup and monitoring of firewalls, installing patches and upgrades to security software, and real-time response to emergencies. A legitimate and capable MSSP will conduct regular security audits in order to track the performance of all security measures and of the MSSP itself. This allows the client to know positively whether the security service is doing its job effectively. One danger signal of an unreliable MSSP is that it cannot or will not provide such an audit, or that it overcharges for such a basic check. The MSSP should also be fully cognizant of the company’s particular operational plan. This allows the security people to anticipate future needs as well as to schedule monitoring sessions through any given time period.

One means by which an MSSP may establish its reputation is through membership in either or both of ISSA and ISACA. The Information Systems Security Association (ISSA) is an international non-profit organization of IT security professionals, while ISACA is a professional organization focused on IT system governance. These bodies hold annual conferences at which cyber security professional organizations exchange ideas and coordinate. An agency's demonstrated credentials in both IT engineering and business give potential clients another check on the agency they would engage. A quality MSSP will have a track record with current and previous clients that will be easy enough to verify. This can be done by examining online biographies and, last but not least, asking fellow business owners and IT professionals about the agencies they use and what made them their preferred choice.