EH-Net

Resources => Career Central => Topic started by: Manu Zacharia (-M-) on February 20, 2007, 08:50:03 AM



Title: Security Consulting Services - What are the services we can offer?
Post by: Manu Zacharia (-M-) on February 20, 2007, 08:50:03 AM
Hi Fellow Ethical Hackers,

After attaining some certifications and courses on Info Sec, I was asked by my boss about starting a security consulting division for our firm. So, the purpose of this post is to discuss the various services that security consulting can offer, like pen testing, security awareness training, etc. I would like to request the security professionals of this web portal to guide us on this matter.

Also, is there any legal aspect that needs to be taken care of before getting into security consulting?

Any guidance on preparing a Business Plan for the same would be of great help.

Regards and best wishes,

The Morpheus


Title: Re: Security Consulting Services - What are the services we can offer?
Post by: Kev on February 20, 2007, 10:30:02 AM
Congratulations, it can be hard sometimes to convince others of the need for security. It can be a little scary for some companies because they feel like they are exposing themselves to an outsider. If you can get beyond that, then you are ahead. Yes, there are legal things to consider and it's important to protect yourself. Have a very clear document that covers yourself not just on any vulnerability you reveal, but also on any hardware that might go bad during your pen test. It's weird, but if any computers fail while you are doing your pen test, they will try and hold you responsible.


Title: Re: Security Consulting Services - What are the services we can offer?
Post by: boney on February 20, 2007, 11:06:08 AM
Well you can also get into writing policies for the companies.
Policies like Network Security Policy, Physical Security Policy, Email policy, Storage Policy, Disaster Recovery Policy, Backup Policy and things like these.
If you want any help regarding how to create these Policies, let me know, as I have some specimens of these policies. Maybe it helps!

And above all, as Kev states, consider all the legal issues and be armed with the proper tools and techniques while doing the pen tests.

Prepare some slides to give a picture of your consulting service which includes the things you'll do for the company. Inform the clients that you'll be sending the audits on a regular basis (or whatever time interval you have decided) with rigorous analysis.

All the best!


Title: Re: Security Consulting Services - What are the services we can offer?
Post by: Manu Zacharia (-M-) on February 20, 2007, 11:45:21 AM
Thanks for the guidance Kev and Boney.  :)

Boney - Can I have the specimen copies? I have sent a Personal Message to you containing my email IDs.

Thanks in advance


Title: Re: Security Consulting Services - What are the services we can offer?
Post by: Cutaway on February 21, 2007, 11:16:44 PM
Here is a great resource for Policies: http://www.dir.state.tx.us/security/policies/templates.htm

Although these are developed to help the State of Texas Agencies and Universities spin up a security program, they are generic enough to use anywhere.

Good Luck,
Cutaway


Title: Re: Security Consulting Services - What are the services we can offer?
Post by: BillV on February 22, 2007, 07:23:17 AM
Another good policy link: SANS Security Policies (http://www.sans.org/resources/policies/)