Hi Fellow Ethical Hackers,

After attaining some certifications and courses on Info Sec, I was asked by my boss about starting a security consulting division for our firm. So, the purpose of this post is to discuss the various services that a security consulting can offer like, pen testing, security awareness training etc. I would like request the security professionals of this web portal to guide us on this matter.

Also, is there any legal aspect that needs to be taken care before getting into security consulting?

Any guidance on preparing a Business Plan for the same would be of great help.

Regards and best wishes,

The Morpheus

Well you can also get into writing policies for the companies.
Policies like Network Security Policy, Physical Security Policy, Email policy, Storage Policy, Disaster Recovery Policy, Backup Policy and things like these.
If you want any help regarding how to create these Policies, let me know, as I have some specimen of these policies. Maybbe it helps !

And above all, as Kev states, consider all the legal issues and be armed with the proper tools and techniques while doing the pen tests.

Prepare some slides as to give a picture of your cunsulting service which includes the things you'll do for the company. Inform te clients that you'll be sending the audits on regular basis ( or whatever time interval you have decided) with rigorous analysis.

All the best !

Here is a great resource for Policies http://www.dir.state.tx.us/security/policies/templates.htm. 

Although these are developed to help the State of Texas Agencies and Universities spin up a security program they are generic enough to use anywhere.

Good Luck,
Cutaway