There's an interesting post over at Schneier on Security: Security Information Management Systems (SIMS).
This post touches on 2 current security issues, firstly managing the ever growing amounts of security-related log information and secondly the outsourcing of security related tasks.
On the subject of the use of outsoucers for security monitoring, I must say that I'm not wholly convinced that passing the information to a 3rd party is the best way to handle it. My reservations centre around the fact that someone who doesn't work for an organisation has a lot less information on which to base decisions relating to the information being analysed.
For example an internal log monitoring team will likely have more information about projects occuring within the company, and the location and roles of IT and other departments, which would help them decide whether a pattern of information in a log is an attack or just the result of a new service that's being tested.
In the large organisations I've seen it can be enough of a challenge for someone working for the company to know what's going on, on the network, for an outsider it can be next to impossible.....


raesene

Security Geek, Penetration Testing, Docker, Ruby, Hillwalking