Robertson suggests the following questions every company should ask before they select an ASP.

1. How does your ASP prove information security due diligence?
2. What is the historical performance of your ASP in terms of incidents relating to infrastructure and/or customer activity?
3. How does your ASP proactively address the flood of new vulnerabilities and patches?
4. Does your ASP have an ongoing information security program?
5. What internal policies does your ASP have in place to ensure policy compliance of human resources, Internet security, remote access, help desk, administration, etc.?
6. How would your ASP handle availability issues if access to their facility weren't possible?
7. How does your ASP handle Denial of Service (DoS) attacks?
8. How does your ASP handle authentication of customer-driven changes?
9. What has your ASP done in terms of the physical security of their data/security operation center, and is that security validated by an independent third-party expert?
10. Does your ASP pre-notify their customers about changes to its infrastructure, and is there a way to reach them after hours?

This list is also at http://www.trusecure.com/html/news/press/asp.shtml.

“It is more important than ever to have appropriate security measures in place,” says Robertson. “A greater level of security should be at the forefront of companies’ minds. Companies need to be asking their application service providers these questions so that their businesses are not affected by poor information security management.

About the Expert

Paul Robertson is director of risk assessment at TruSecure and an internationally recognized security expert. Mr. Robertson is a contributing writer to Information Security magazine, the industry’s leading trade publication, providing news, analysis, insight and commentary on today’s infosecurity marketplace. He has more than 16 years of experience in TCP/IP, Internet services and software as they relate to computer, network, and information security. Prior to TruSecure, Mr. Robertson was a lead analyst for the Gannett Company where he assisted in the planning of USAToday.com, the online site for the top circulation daily newspaper in the U.S. and one of the most heavily trafficked sites in the world. Prior to Gannett, he worked for the United States Armed Forces where he provided computer and telecommunications support for the White House staff.

About TruSecure Corporation

TruSecure is the leading Managed Security Services Provider (MSSP), offering the only fully integrated, enterprise risk management services on the market. TruSecure’s unique blend of proactive risk reduction with real-time security management, monitoring and response assures continuous security of critical business information assets. TruSecure Certification has become a globally recognized symbol of commitment to effective security in an interconnected economy. Additionally, TruSecure owns the independently operated ICSA Labs and Information Security magazine. Headquartered in Herndon, VA, TruSecure protects more than 700 sites in over 30 countries, with operations in North America, Europe and Asia Pacific. For more information about TruSecure, please visit www.trusecure.com.

###

TruSecure, ICSA, and Information Security are registered trademarks of TruSecure Corporation. All other trademarks and service marks mentioned herein are property of their respective owners

********************* 
Alice Hwang 
Schwartz Communications 
Prospect Place, 230 Third Ave 
Waltham, MA 02451 
p. 781-684-0770 
f. 781-684-6500 
ahwang@schwartz-pr.com 

Contacts: 
Cynthia S. Smith 
TruSecure Corporation 
(703) 480-8509 
csmith@trusecure.com 

Nicole Cuda/Sherry Moskowitz 
Schwartz Communications, Inc. 
(781) 684-0770 
trusecure@schwartz-pr.com

For media interested in speaking with Mr. Robertson, please contact Cynthia S. Smith of TruSecure Corp. at (703) 480-8509 or csmith@trusecure.com, or Nicole Cuda or Sherry Moskowitz of Schwartz Communications at (781) 684-0770 or TruSecure@schwartz-pr.com.