Penetration Testing mailing list archives

Re: Non pen-test services


From: psthawaii <randy.pacheco () psthawaii com>
Date: Wed, 16 Mar 2011 17:20:04 -0700 (PDT)


I have been doing Pen Testing for Credit Unions for about 3 years.  I team up
with the financial auditor who gets me all my work.  We don't call it pen
testing but Risk assessments.  Why?  Because I do everything you just
described when I visit the Credit Union.  I make sure that they have DR,
procedures, policies, third party access, diagrams, schedules, logs, and so
on and so on as if I was their administrator, network admin or director of
IT.  I saw that as a huge need when I first began.  Our reports are all
reflecting the business end of IT and if they are complying.  Out of all the
Credit Unions we do only 5 have really made all those changes and are now
very successful in their operations.  



cribbar wrote:

I wondered, how many of you work for companies that focus purely on
security/pen testing, and how many of your employers/organisations expand
and offer other services for external clients, such as looking into their
operations, such as their backup/archive policy and procedures, or their
disaster recovery plans? I don't see that this is an area most pen test
companies offer, which is a shame, as often these companies are highly
skilled in the field of ICT, and are often brought in for that very
reason, skill above and beyond internal, or a fresh pair of eyes to offer
management assurance. If any folk do offer additional services above and
beyond pen-testing it would be interesting to know, or is the general consensus
our area of expertise is pentesting/security so that's what we stick to?
Would also be interested to know what 3rd parties come looking for outside
of pen test / vulnerability scans to see if you can provide/offer that to
them. Look forward to your feedback...

