To answer this question, CIOs must weigh the benefits of continued training and specialization for in-house personnel against the cost of using a managed security services provider (MSSP) for such functions as monitoring firewall and intrusion detection logs.