If you prefer:
Outsourcing to a security-only company.
Outsourcing to a general IT services company.
Doing security in-house.
If you go with managed security partners, are you comfortable if they:
Hire ?white-hat? hackers?
Create vulnerabilities in their lab?
Have contests to hack systems?
Run highly visible publicity campaigns? If your managed security partner detects a breach of security, do you want to:
Work with them to catch the intruders and prosecute?
Simply have your partner secure the network, not taking further action against intruders? If you go with in-house security, do you want to:
Do everything in-house?
Outsource the commodity hardware but keep the policy?
Outsource audits and assessments only?
