Hey everyone.

Just a few questions about setting up an Information Security Company.

What goes into setting up an Information Security Company?
In general how much would a Penetration Test cost?
How many employee's would be on a team?

and anything else that one would need to setup.

The reason im asking is, i'm doing a collage project on setting up a company.

Thanks again.

Yes, legal work would be another step in the process.  Is there any case studys done on a company that started up from scratch, that might explain the process? Size of office space, what equipment would be needed etc, etc...

Thanks again.

First of all: I don't work in InfoSec
But I do understand a lot business processes and the Information Technology Industry. As mentioned in previous posts Legals would be a big part. I think it would be worth researching compliance (EG/ What businesses are required to do by law). As I do not work in Pen Testing I'm not 100% sure how much they charge and it would depend on a lot of influencing factors including the cost of contractors, location of the client, size of the client, the scope of the client etc.

The more employees the better I would imagine. If you had say 2 employees working directly in pen testing it could take a considerable amount of time to test a large company. This won't be suitable for the big companies. No good discovering flaws when the malicious hackers have found them quicker then yourself! If you had say 10-15 pen testers, then you could do some serious work. You could divide the team into individual areas of the project at hand. It's all in perspective. You need to strike a good balance between clients and their requirements.

Any other questions, just ask.