ABSTRACT
This chapter covers methods for evaluating and selecting security products and services, including how to develop a critical review process and who should be included in the review process. It examines the process of evaluating security products and security services prior to acquisition. Background is provided on the type of security products or services an organization may be considering to protect against insider breaches. The chapter also provides checklists that can be helpful in the evaluation process, and explains the types of technology needed to secure an organization from insider violations and the types of computer technologies that are vulnerable to insider breaches. It reviews the need for securely disposing electronic media and sensitive paper documents and the challenges of acquiring good security products and services and sources of information for evaluating security products and services. The chapter discusses the straightforward methods to evaluate security products and services.
