Академический Документы
Профессиональный Документы
Культура Документы
Aug 2019
Commercial-in-confidence
1
IT Security Audit Proposal
Version Information
Contact Information
Please feel free to contact specified below Account Manager for further information on this document.
Company Address
NTOP InfoSec Pvt. Ltd.
T-1,2,3, Third Floor, Sarda Chambers1
Central Market, D Block
Prashant Vihar, New Delhi - 110085
Website: http://www.ntopinfosec.in
All material contained in this document are protected by Indian copyright law and may not be
reproduced, distributed, transmitted, displayed, published and broadcast with the prior permission of
NTOP InfoSec Pvt.Ltd., the owner of the content. You may not alter or remove any trademark, copyright
or other notice from copies of the content.
2
IT Security Audit Proposal
TABLE OF CONTENTS
Proposal Objective: - ........................................................................ 4
Introduction: - .................................................................................. 4
About NTOP:-.................................................................................... 4
Detailed Scope of Work:- .................................................................. 5
Audit Methodology: - ........................................................................ 8
Audit Tools: ...................................................................................... 8
What we require from you: - ............................................................ 8
Change Management: - ..................................................................... 9
Acceptance: - .................................................................................... 9
Commercials: .................................................................................. 10
3
IT Security Audit Proposal
Proposal Objective: -
This proposal covers Network Security Audit of IT Infrastructure of Dhanuka Agritech Ltd at
Gurgaon location
Introduction: -
Information Technology is increasingly advanced and has become pervasive in enterprises
and in social, public and business environments. Hence, Information Security is an
important aspect of an organization’s IT Infrastructure to maintain Confidentiality, Integrity
and Availability. A well-designed IT Infrastructure will improve efficiency and development
of enterprise by controlling user’s authorization, accessibility and authentication.
Information Security practices also provides secure packet transmission from node to node.
Information Security also helps an organization to reduce risk to acceptable level, which
results in increasing organization’s image and increases productivity due to optimized
operations of all business operations.
About NTOP:-
NTOP InfoSec Pvt. Ltd. is a NextGen Information Security Company to endow with to
execute IT Solution architect and Security design having its offices in Delhi NCR and
Rajasthan. Our team having more than 16 years of experience in ISMS Auditing and
Implementation, PCI DSS Compliant Consultancy, Data Centre Setup and Management,
Airlines and Airports Project Executions, Corporate IT Management and IT Setup in
Educational Sectors.
4
IT Security Audit Proposal
Number of
S.no Classification
Devices
3 Physical Server 10
4 Network Storage 1
5 Laptop/Desktop 15
6 firewall 2
7 Switch 2
8 Wireless Access points 11
Objective
To assess overall network design from a security perspective, including DMZ placement,
network segmentation, external presence, and hardening techniques
Ntop Auditor will study the proper installation of network & security devices and
provide recommendations to establish a secure network architecture
Study of data flow among Servers, Databases to enhance security and performance.
Deliverables
Report on review of network architecture with recommendation, if any
5
IT Security Audit Proposal
Audit Objective
Audit Scope
Deliverables
Vulnerability Assessment Report with recommendations to patch up all vulnerable
points
6
IT Security Audit Proposal
Audit Objective
To carry out configuration audit of servers/ network/ security devices of Dhanuka Agritech,
and recommend appropriate controls to fix weak/ default configuration
Review configuration of Servers & Network/Security devices to assess the risks due to
mis-configurations or default settings
Audit Scope
Ntop will conduct configuration audit of servers/ switches/ firewall to identify weak
configurations and provide recommendations to improve performance and enhance
systems security.
Deliverables
Configuration Audit Report with recommendations to enhance network security
Audit Objective
To carry out external penetration testing of Public IP Address of Dhanuka Agritech, and
recommend appropriate controls to patch up the identified vulnerabilities.
To test the current strength of the security of the publically exposed servers
Audit Scope
Ntop will conduct external penetration testing of Public IP Addresses for all vulnerable
points and provide recommendations to patch up the identified vulnerabilities.
7
IT Security Audit Proposal
Deliverables
External Penetration Testing report with recommendations to patch up identified
vulnerabilities
Audit Methodology: -
Audit Tools:
Ntop will use manual testing methods as well as following open source and commercial tools
for testing
✓ Nessus Vulnerability Scanner
1. The staging/ test server with the hosted Web application which is to be audited
along with two users and one admin credentials
8
IT Security Audit Proposal
Change Management: -
Any change to the project scope, duration, deliverables, pricing, or any other change shall be
mutually agreed to by both parties using a Change Request Form. The Change Request form
will include the reason for the change, a description of the change, and the anticipated impact
on the project’s budget, schedule, deliverables, and pricing.
NTOP will not undertake any project change until the change has been documented, priced,
and agreed to by Dhanuka Agritechand NTOP.
Acceptance: -
After the receipt of the Final Delivery of the project, Dhanuka Agritechshall issue, within 2
weeks, a formal Project Completion Certificate stating the satisfactory completion of the
project. If NTOP does not receive the above within the above-mentioned period, we shall
consider formal completion of the Project.
9
IT Security Audit Proposal
Commercials:
IN WITNESS WHEREOF, the parties have read the above and hereby execute this
Statement of Work as of the date first set forth below.
Name : Name :
Date: Date:
10