Results 1 to 5 of 5

Thread: Security Audit / Penetration Testing

  1. July 14th, 2006, 04:14 AM #1
    Net2Infinity
    Net2Infinity is offline
    Senior Member
    Join Date
    Mar 2004
    Posts
    119

    Security Audit / Penetration Testing

    I have been approached by a large mult inational client that would like me to conduct a security audit for them. I have conducted dozens of secuity audits in the past, but none that are remotely of this magnitude. Therefore I seek recommendations for other firms that may handle such an audit. Of course I would like recommendations from people with first hand knowledge of the proposed companies previous engagements. Obviously the client has a great deal of faith in my abilities, but it is my belief that the project is beyond my scope. I would like to gracefully decline, but at the same time I would love to provide them with a few options.
    Reply With Quote Reply With Quote
  2. July 14th, 2006, 02:03 PM #2
    Egaladeist
    Egaladeist is offline
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    hi Net2Infinity,

    If you are looking for first-hand knowlrdge...

    Of course I would like recommendations from people with first hand knowledge of the proposed companies previous engagements.
    the company's name might help.

    Eg
    Reply With Quote Reply With Quote
  3. July 14th, 2006, 02:18 PM #3
    Cyberruk
    Cyberruk is offline
    Junior Member
    Join Date
    Dec 2001
    Posts
    4

    Suggestions for Good P-Testers

    Where are you located? You would probably be looking at someone in your own country / state / whatever.


    I know for a fact that Assurent (http://www.assurent.com/) is a reliable corporation that has done work for enterprise companies in Canada and elsewhere. I know for a fact that they have done government and banking clients, and numerous other global enterprises.
    Reply With Quote Reply With Quote
  4. July 14th, 2006, 04:33 PM #4
    Net2Infinity
    Net2Infinity is offline
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Egaladeist,

    Thanks for the reply, but to clarify my post I meant that I would like recommendations from people who have experience with that particular vendor.


    Cyberruk,

    Thanks for the reply, as I will check them out. It is a large corporation with 600 plus locations across South East Asia, UK, and the Northeastern United states. I am located in Alabama, but I don't have a prefence to the corporate location.
    Reply With Quote Reply With Quote
  5. July 15th, 2006, 04:17 PM #5
    thehorse13
    thehorse13 is offline
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    BAE is excellent at this as well as ISS.

    Symantec also offers this service and so does KPMG (Bearingpoint).

    There are endless companies who perform this stuff worldwide. These are the few that come to mind.

    Doing a full audit is VERY time consuming, especially if the client doesn't have policies in place and data classifications and such. You are looking at a heap of work (if you do the job properly). Why? You're looking at a risk assessment, vulnerability scans, threat analysis, baseline configs, policies, procedures, architecture, physical security and regulatory compliance.

    Good luck.


    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules