Starting security services isn't a big thing, but delivering them with proper
resources matters.
1. ISO27001 Audit
2. Cyber & Infrastructure Security Audits ---- Intruding in client's DB
3. Governance Risk and Compliance Audit
4. Vulnerability Assessment and Pen Test (VAPT) ---- Intruding in client's DB
5. Process and Policy Review Services
5.1 Review the company's IT policies and procedures
5.2 Evaluate the company's IT budget and systems planning documentation
5.3 Review the data center's disaster recovery plan (so far we are doing off-site
storage of backup data / safe storage)
We are starting a service, so let's start with the one we can make a profit from,
considering the major issues around InfoSec.
ANY IDEAS?
Let's pitch it for ISO27001. Wait, you may ask: why not the others?
Don't worry, we are just beginning this process; we will go ahead and intrude in the
client's DB after successful ISO audits.
There are two methods to get a client to sign up for a security service, and they
are generally what the client requires:
1. Either the company should have the official certificate from the British Council
to perform audits, plus all the frameworks and
the countermeasures should be satisfied by the ISO policy (Frameworks 22).
OR
2. The company should have certified ISO auditors to perform the audit, which is
cost-saving and an early start to our services.
ALWAYS REMEMBER: the client will never compromise on security issues; he will definitely
pitch for the verified auditors.
So let's start ISO audits and then get into infrastructure security.