Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing




April 2014

Contents

Pricing structure
Consultant levels
Approach to Pricing
Discussion

Pricing structure

Thales Cyber Security Practice offers three types of Vulnerability and Penetration Testers each with different levels of experience (under the CESG Certified Professional Scheme). The following are the levels:

- Practitioner Penetration Tester.
- Senior Penetration Tester.
- Principal Penetration Tester.
- Lead Penetration Tester.

Please refer to the SFIA rate card for Vulnerability Assessment and Penetration Testing for details on pricing for each level.

Penetration testing is an independent assessment of the different elements that comprise an information system or product with the goal of finding and documenting the vulnerabilities present. The resultant report is considered with threat reports and other information sources in order to derive a risk assessment that can be used to drive security improvements.

Consultant levels

Practitioner Penetration Tester

Corresponding SFIA Responsibility Level: APPLY

Typical Activities:

- Applies knowledge and contributes to the successful delivery of penetration testing services.
- Works under general supervision and on discrete tasks when performing penetration tests.
- Demonstrates an analytical and systematic approach to penetration testing, and is able to apply their own initiative and discretion.
- Understands and is able to apply appropriate tools and techniques during a penetration test, and works in accordance with relevant legislation and standards.

- Performs penetration tests, which may be complex and non-routine, in a variety of environments.
- Works as part of a larger team, is responsible for planning and monitoring their own work, and assists senior colleagues in delivering successful penetration tests.
- Demonstrates effective communication skills with colleagues, and when providing input to written reports and presentations.
- Has regular working-level contact with customers.
- Is actively developing their understanding of penetration testing, and understands how penetration testing is to be applied and delivered to a customer.

Senior Penetration Tester

Corresponding SFIA Responsibility Level: ENABLE

Typical Activities:

- Enables the successful delivery of penetration testing services.
- Is able to accurately scope penetration tests, allocating resources and ensuring personal compliance with relevant legislation and standards.
- Works autonomously and under general direction, delivering accurate technical results in accordance with a scope and test plan.
- Performs a broad range of complex penetration tests that demonstrate an analytical and systematic approach.
- Applies knowledge of configuration errors, vulnerabilities and coding flaws to create and execute a series of tests to validate the security of a system or product.
- Communicates penetration test results to both technical and non-technical audiences, facilitating collaboration between stakeholders where necessary.
- Influences peers and customers by delivering presentations, papers and reports.
- Has a good understanding of technology and actively maintains awareness of developments in the penetration testing and information security fields.
- Participates in technical and/or professional development activities beyond his/her own team, sharing knowledge with colleagues to improve the penetration testing service.

Principal Penetration Tester

Corresponding SFIA Responsibility Level: ENSURE/ADVISE

Typical Activities:

- Works under broad direction, is responsible and accountable for the successful delivery of penetration tests, and ensures own team's compliance with relevant legislation and standards.
- Receives customer requirements, often in the form of general or high-level objectives, and defines detailed penetration test plans that demonstrate creativity and innovation.
- Defines a penetration testing team's objectives and milestones, allocating resources and delegating responsibilities as required.
- Leads challenging and complex penetration tests in a wide range of contexts and environments, managing multiple teams deployed at several customer sites.
- Builds and maintains strong business relationships with customers, and demonstrates an application of own specialism within a wide range of organizations.
- Has a deep and comprehensive understanding of technology, and performs self-initiated research projects in order to maintain and develop technical knowledge.
- Influences the penetration testing industry through the contribution of technical specialisms.
- Takes the initiative in leading the technical development of a team, mentoring junior colleagues and advising on operational improvements to penetration testing services.

Lead Penetration Tester

Corresponding SFIA Responsibility Level: INITIATE/INFLUENCE/INSPIRE

Typical Activities:

- Has defined authority for the successful delivery of penetration testing services throughout an organisation, either as a customer or supplier, and is responsible for all technical, financial and/or quality aspects of such a service.

- Contributes towards the organisation's high-level penetration testing strategy, either as a customer or supplier, taking into account business change, new technology and emerging threats.
- Demonstrates leadership, and is responsible and accountable for actions and decisions taken by self and subordinates.
- Actively promotes compliance with all relevant legislation and standards, adapting procedures to accommodate changing circumstances when necessary.
- Performs and/or oversees highly complex penetration testing activities, often involving a large number of individuals and/or teams.
- Creatively applies a wide range of technical skills and knowledge, has a broad understanding of technology, and a deep understanding of own technical specialism.
- Develops high-level relationships with penetration testing service customers, service providers and industry leaders, in order to drive improvements and efficiency gains.
- Manages and takes the initiative to ensure own team's technical skills remain relevant and up-to-date through monitoring developments in the information security industry.

Approach to Pricing

The Thales Cyber Security Portfolio (CSP) has a clear pricing approach for professional services:

- Thales can clearly identify the value of the SFIA scheme both to Thales and to our customers. As a result we have embraced the SFIA approach for modelling and describing the competencies of our professional consultants within our Cyber Security Portfolio.
- For estimating the staffing and pricing of work we have developed a generic model for building the optimal team to a customer's requirements. This is based upon the SFIA framework and has the team roles mapped to SFIA competency levels.
- We endeavour to minimize the cost to the customer. For example, if it is appropriate to put only one unsupervised team member onto a task then we will.
- We endeavour to minimize the time-on-task. For example, if it is more appropriate to deploy a Thales specialist as-and-when necessary during a task then we will.
- If a task is complex and the staffing requires a mix of technical specialists and technical team members then we will deploy the most appropriate technical team lead.
- We will only deploy our specialists and Subject Matter Experts (SMEs) as and when appropriate.

- We endeavour to make all our staffing and pricing responses to a customer request as transparent as possible.

Discussion

To assist our customers in selecting the right level of Cyber Security Penetration Tester we offer a free of charge consultation to discuss your requirements.