Penetration Testing mailing list archives
Re: Non pen-test services
From: psthawaii <randy.pacheco () psthawaii com>
Date: Wed, 16 Mar 2011 17:20:04 -0700 (PDT)
I have been doing Pen Testing for Credit Unions for about 3 years. I team up with the financial auditor who gets me all my work. We don't call it pen testing but Risk assessments. Why? Because I do everything you just described when I visit the Credit Union. I make sure that they have DR, procedures, policies, third party access, diagrams, schedules, logs, and so on and so on as if I was their administrator, network admin or director of IT. I saw that as a huge need when I first began. Our reports are all reflecting the business end of IT and if they are complying. Out of all the Credit Unions we do, only 5 have really made all those changes and are now very successful in their operations.

cribbar wrote:
I wondered, how many of you work for companies that focus purely on security/pen testing, and how many of your employers/organisations expand and offer other services for external clients, such as looking into their operations, such as their backup/archive policy and procedures, or their disaster recovery plans? I don't see that this is an area most pen test companies offer, which is a shame, as often these companies are highly skilled in the field of ICT, and are often brought in for that very reason, skill above and beyond internal, or a fresh pair of eyes to offer management assurance. If any folk do offer additional services above and pen-testing it would be interesting to know, or is the general consensus our area of expertise is pentesting/security so that's what we stick to? Would also be interested to know what 3rd parties come looking for outside of pen test / vulnerability scans to see if you can provide/offer that to them. Look forward to your feedback...