
IT Security Audit Proposal: Dhanuka Agritech

Aug 2019

Commercial-in-confidence

IT Security Audit Proposal

Version Information

| Version | Date | Author(s) | Role | Remark |
|---|---|---|---|---|
| 1.0 | 19 June, 2019 | Saket Kumar Singh | Creator | |
| 1.0 | 19 June, 2019 | Nurul Aja | Reviewer | |
| 1.1 | 19 June, 2019 | Shantanu Chaudhury | Approver | |

Contact Information

Please feel free to contact the Account Manager specified below for further information on this document.

Shantanu Pal Chaudhury


Account Manager
Mobile: +91-9910392808
shantanu@ntopinfosec.in

Company Address
NTOP InfoSec Pvt. Ltd.
T-1,2,3, Third Floor, Sarda Chambers1
Central Market, D Block
Prashant Vihar, New Delhi - 110085
Website: http://www.ntopinfosec.in

Copyright © (All Rights Reserved)

All material contained in this document is protected by Indian copyright law and may not be
reproduced, distributed, transmitted, displayed, published or broadcast without the prior permission of
NTOP InfoSec Pvt. Ltd., the owner of the content. You may not alter or remove any trademark, copyright
or other notice from copies of the content.


TABLE OF CONTENTS
Proposal Objective
Introduction
About NTOP
Detailed Scope of Work
Audit Methodology
Audit Tools
What we require from you
Change Management
Acceptance
Commercials


Proposal Objective: -

This proposal covers the Network Security Audit of the IT infrastructure of Dhanuka Agritech Ltd at
its Gurgaon location.

Introduction: -
Information Technology is increasingly advanced and has become pervasive in enterprises
and in social, public and business environments. Hence, Information Security is an
important aspect of an organization's IT infrastructure for maintaining Confidentiality, Integrity
and Availability. A well-designed IT infrastructure improves the efficiency and development
of the enterprise by controlling user authorization, accessibility and authentication.
Information Security practices also provide secure packet transmission from node to node.
Information Security also helps an organization reduce risk to an acceptable level, which
improves the organization's image and increases productivity through optimized
business operations.

About NTOP:-

NTOP InfoSec Pvt. Ltd. is a NextGen Information Security company that provides
IT solution architecture and security design, with offices in Delhi NCR and
Rajasthan. Our team has more than 16 years of experience in ISMS Auditing and
Implementation, PCI DSS Compliance Consultancy, Data Centre Setup and Management,
Airlines and Airports Project Execution, Corporate IT Management and IT Setup in
Educational Sectors.


Detailed Scope of Work:-

The objective of this proposal is to conduct an IT Security Audit of Dhanuka
Agritech as per the following IT infrastructure:

| S.no | Classification | Number of Devices |
|---|---|---|
| 1 | Virtual servers to be monitored (Windows) | 41 |
| 2 | Virtual servers to be monitored (Linux) | 19 |
| 3 | Physical Server | 10 |
| 4 | Network Storage | 1 |
| 5 | Laptop/Desktop | 15 |
| 6 | Firewall | 2 |
| 7 | Switch | 2 |
| 8 | Wireless Access points | 11 |

Module 1: Network Architecture Review

Objective
To assess the overall network design from a security perspective, including DMZ placement,
network segmentation, external presence, and hardening techniques.

The NTOP auditor will study the proper installation of network & security devices and
provide recommendations to establish a secure network architecture.

Study of data flow among servers and databases to enhance security and performance.

Deliverables
Report on review of network architecture with recommendation, if any


Module 2: Vulnerability Assessment

Audit Objective

To carry out Vulnerability Assessment (internally) of Desktops, Servers, Switches, Firewall
and recommend appropriate controls to patch up the identified vulnerabilities

The major objectives of a VA are:

To identify and understand the existing vulnerabilities in scoped systems:


Review existing security controls on operational, administrative and managerial
issues, and ensure compliance to security standards

To test the current strength of the security of the systems

Provide recommendations and corrective actions for patching up the identified
vulnerabilities

Audit Scope

Ntop will conduct vulnerability assessment of above scoped network components to
identify vulnerabilities and provide recommendations to patch up the identified
vulnerabilities.

All identified vulnerabilities will be fixed by Dhanuka Agritech IT Team.

Deliverables
Vulnerability Assessment Report with recommendations to patch up all vulnerable
points

About Vulnerability Assessment: Vulnerability Assessment is used to test the
organization's systems internally, including servers, desktops and network/security
devices, for vulnerabilities. This requires access to the company's network.
Vulnerabilities are identified but not exploited. NTOP does not 'hack' into any systems, and
clients' data is not modified. The aim is to identify the vulnerabilities and threats that exist
in the current digital environment at the audited sites. A detailed vulnerability scan
of the systems shall be carried out to uncover vulnerabilities. The findings are compiled into a
report and the client is advised.


Module 3: Configuration Audit

Audit Objective

To carry out configuration audit of servers/ network/ security devices of Dhanuka Agritech,
and recommend appropriate controls to fix weak/ default configuration

The major objectives of configuration audit are to:

Review configuration of Servers & Network/Security devices to assess the risks due to
mis-configurations or default settings

Audit Scope

Ntop will conduct configuration audit of servers/ switches/ firewall to identify weak
configurations and provide recommendations to improve performance and enhance
systems security.

Deliverables
Configuration Audit Report with recommendations to enhance network security

Module 4: External Penetration Testing

Audit Objective

To carry out external penetration testing of Public IP Address of Dhanuka Agritech, and
recommend appropriate controls to patch up the identified vulnerabilities.

The major objectives of a security audit are to:

Identify and understand the existing vulnerabilities in systems/applications accessed
from the internet, to identify vulnerable points exposed to the internet.

To test the current strength of the security of the publicly exposed servers

Audit Scope
Ntop will conduct external penetration testing of Public IP Addresses for all vulnerable
points and provide recommendations to patch up the identified vulnerabilities.


Deliverables
External Penetration Testing report with recommendations to patch up identified
vulnerabilities

About External Penetration Testing:


External Penetration Test Services have been formulated to achieve three key objectives:
✓ Provide a non-invasive means to test the current strength of the security of the
network from internet.
✓ Provide independent analysis of network and locate all vulnerabilities.
✓ Advise on the most effective solutions to secure your network.

Audit Methodology: -

Audit Tools:
Ntop will use manual testing methods as well as the following open source and commercial tools
for testing:
✓ Nessus Vulnerability Scanner

✓ NMAP Port Scanner

✓ Metasploit PenTesting Tool

✓ ……………………. & More

What we require from you: -

We propose that you will provide:

1. The staging/test server with the hosted Web application which is to be audited,
along with credentials for two users and one admin

2. Dhanuka Agritech will designate a single point of contact to co-ordinate the
activities

3. NTOP requires the support of the Application development team for clarifications and for
patching up of the vulnerabilities in the web pages


Change Management: -

Any change to the project scope, duration, deliverables, pricing, or any other change shall be
mutually agreed to by both parties using a Change Request Form. The Change Request form
will include the reason for the change, a description of the change, and the anticipated impact
on the project’s budget, schedule, deliverables, and pricing.
NTOP will not undertake any project change until the change has been documented, priced,
and agreed to by Dhanuka Agritech and NTOP.

Acceptance: -

After the receipt of the Final Delivery of the project, Dhanuka Agritech shall issue, within 2
weeks, a formal Project Completion Certificate stating the satisfactory completion of the
project. If NTOP does not receive the above within the above-mentioned period, we shall
consider the Project formally complete.


Commercials:

Professional Fee for Web Security Audit of Dhanuka Agritech is as follows:


Number of Cost Configuration
S.no Classification Cost (PT)
Devices (VA) Review
1 Virtual servers to be monitored (Windows) 41 1000 3750 1875
2 Virtual servers to be monitored (Linux) 19 1000 3750 1875
3 Physical Server 10 1000 3750 1875
4 Network Storage 1 1000 3750 3125
5 Laptop/Desktop 15 625 3125 1875
6 firewall 2 625 3125 3125
7 Switch 2 625 3125 3125
8 Wireless Access points 11 625 3125 3125

GST as applicable will be extra

Payment Terms & Conditions

50% As advance at the time of starting of audit along with Formal PO
20% After completion of 10 days of audit
30% After submission of all reports

IN WITNESS WHEREOF, the parties have read the above and hereby execute this
Statement of Work as of the date first set forth below.

For Dhanuka Agritech Limited For NTOP InfoSec Pvt. Ltd.

Name : Name :

Appointment: Appointment: Director

Date: Date:
