Cyber-Security-Monitoring-Guide

Cyber Security Monitoring and Logging GuideThe supplier selection processIf your organisation decides to appoint an external provider of cyber security monitoring and logging services, whateverapproach you choose it is important that you appoint a supplier who can most effectively meet your requirements – and ata reasonable cost.Suppliers of technical security services identified that there are two main types of client for cyber security monitoring andlogging services, those that are looking for:• A ‘tick box’ solution (often in highly regulated industries), logging the bare minimum needed to meet audit,compliance and regulatory requirements• Cyber security as they are concerned about security breaches and attacks – and want to be more proactive.There is often a good deal of overlap between the monitoring required for complianceand that needed to improve cyber security. So by using a provider able to meet bothcompliance and cyber security requirements, you may be able to achieve cost-effectivesecurity through a relatively small uplift to basic compliance expenditure.This raises many questions that you will need to answer, such as:• What type of service do I need?• How much service do I buy?• Who do I buy it from?• How much will it cost?• What do I need to look for from a potential supplier?Consequently, a systematic, structured process has been developed to help you select a suitable supplier, as shown inFigure 12 below.AUnderstand thebenefits of usingexternal suppliersDAppoint appropriatesupplier(s)BDetermine whichactivities should beoutsourcedCDefine supplierselection criteriaFigure 12: The supplier selection processEach of these steps is outlined throughout the rest of this chapter.Each of these four phases is examined in detail in the companion CREST report CyberSecurity Incident Response – Supplier Selection Guide.47