Due to a new regulation, a company has to increase active monitoring of security-related events to
24 hours a day. The security staff only has three full time employees that work during normal
business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to
meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed
Security Service (MSS) to monitor events. Which of the following should the company do to
ensure that the chosen MSS meets expectations?
A.
Develop a memorandum of understanding on what the MSS is responsible to provide.
B.
Create internal metrics to track MSS performance.
C.
Establish a mutually agreed upon service level agreement.
D.
Issue a RFP to ensure the MSS follows guidelines.