Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events.
Which of the following should the company do to ensure that the chosen MSS meets expectations?
A . Develop a memorandum of understanding on what the MSS is responsible to provide.
B . Create internal metrics to track MSS performance.
C . Establish a mutually agreed upon service level agreement.
D . Issue a RFP to ensure the MSS follows guidelines.
Answer: C
Leave a Reply