1
00:00:00,005 --> 00:00:02,005
- [Instructor] As
organizations seek to outsource

2
00:00:02,005 --> 00:00:05,002
components of their
technology infrastructure,

3
00:00:05,002 --> 00:00:07,009
they often turn to
vendors to perform tasks

4
00:00:07,009 --> 00:00:10,001
that they either consider commodities

5
00:00:10,001 --> 00:00:11,008
or believe can be more efficiently

6
00:00:11,008 --> 00:00:14,007
and effectively performed
by a third party.

7
00:00:14,007 --> 00:00:18,002
In some cases, this means
turning to outside firms

8
00:00:18,002 --> 00:00:21,003
to provide critical security services.

9
00:00:21,003 --> 00:00:23,004
Vendors that provide security services

10
00:00:23,004 --> 00:00:26,000
for other organizations are known as

11
00:00:26,000 --> 00:00:30,008
managed security service
providers, or MSSPs.

12
00:00:30,008 --> 00:00:34,001
MSSPs play a critical
role in the organization's

13
00:00:34,001 --> 00:00:37,002
security program and should
be carefully monitored

14
00:00:37,002 --> 00:00:39,006
to ensure that they are
living up to their status

15
00:00:39,006 --> 00:00:42,006
as trusted partners and
are effectively meeting

16
00:00:42,006 --> 00:00:45,007
the organization's security objectives.

17
00:00:45,007 --> 00:00:49,004
MSSPs vary widely in the
scope of their services

18
00:00:49,004 --> 00:00:53,004
and may perform different
services for different clients.

19
00:00:53,004 --> 00:00:56,007
Some MSSPs take over
complete responsibility

20
00:00:56,007 --> 00:01:00,005
for managing an organization's
security infrastructure.

21
00:01:00,005 --> 00:01:02,006
Others perform a specific task,

22
00:01:02,006 --> 00:01:07,002
such as log monitoring,
firewall and network management,

23
00:01:07,002 --> 00:01:09,006
or identity and access management.

24
00:01:09,006 --> 00:01:12,009
Organizations that are
considering using an MSSP

25
00:01:12,009 --> 00:01:14,006
should develop a written agreement

26
00:01:14,006 --> 00:01:17,001
that outlines clear responsibilities,

27
00:01:17,001 --> 00:01:19,004
provides service level agreements,

28
00:01:19,004 --> 00:01:22,002
and explicitly covers
incident notification

29
00:01:22,002 --> 00:01:23,007
and response practices.