
NETWORK AUDIT / ASSESSMENT
(Infrastructure & Security)

For
SCOPE OF WORK.

The specific scope of this activity is to study the existing network infrastructure, carry out a
network vulnerability and security assessment, and propose the upgrade or implementation of
assets and policies, with priority levels, to meet current standards of security and reliability.

A security audit will use best practice methods to discover, assess, test, and finally, suggest
modifications to existing security infrastructure.

1. Conducting the Assessment


• Identify and interview key personnel for information gathering.
• Identify all critical and non-critical network/security components (firewall, IDS,
proxy, apps, DB, etc.).
• Discover and map the network to identify any infrastructure issues.
• Scan the network using vulnerability remediation utilities.

2. Formulation of Target Security Architecture Design


Target designs are based on results and recommendations as determined in the
assessment.
a. A logical architecture of IT security components is needed to organize the physical
architecture and implement security in all identified architectures. The logical structure
includes processes, technology and people. It consists of perimeter security, a
computer incident response team, antivirus policy, security administration, a Disaster
Recovery Plan (DRP), risk and threat analysis, data security, application security, and
infrastructure security.

b. Physical architecture designs include network diagrams illustrating firewalls, mail
gateways, proxies, modem pools, VLANs, Demilitarized Zone (DMZ), internal and
external connections and devices used, and diagrams of other architectures in relation
to security architecture. Especially helpful are diagrams with IP addressing schemes
identified.

NETWORK / SECURITY AUDIT STEPS

1. Vulnerability Scanning

This involves scanning the infrastructure setup to reveal any existing vulnerabilities.

2. Report Audit

This involves auditing reports that are regularly generated as part of the security
management process of the organisation. Audits are conducted on:

• Logs – logs that are maintained within the system (syslogs) by the network,
system and database components.
• IDS Reports – reports that are generated by the Intrusion Detection System on an
ongoing basis.
• Any other reports that are maintained/generated by the organisation as part of its
security maintenance program.

3. Security Architecture Audit

This involves auditing the existing security architecture of the organisation.

4. Baseline Auditing

This involves auditing the security setup to verify that it is in accordance with the security
baseline of the organisation. Deviations are recorded to analyse compliance during the audit
period.

5. Internal Control and Workflow Audit

This involves auditing the existing workflow in the organisation to ascertain whether it is
sufficient to handle and escalate response to security issues.

6. Policy Audit

The Security policy is audited to ensure that it is in line with the business objectives of the
organisation and complies with standards that the company follows or wishes to follow.

7. Threat/Risk Assessment

This is an assessment of the various risks and threats facing the company's information systems.
Taking into account the results of the audits, it gives an overall picture of the
security risk/threat to the organisation.

DELIVERABLES

1. Vulnerability Report: Presents vulnerabilities in the company’s IS setup.

2. Threat/Risk Assessment Report: Presents the various threats and risks the company
faces as a result of the existing vulnerabilities including faulty policy, architecture, etc.

3. Audit Report: Gives a security overview and presents the results of all
the audits and reports.

4. Policy Recommendation with Documentation

COMMERCIAL PROPOSAL

Project Duration: 15-25 Working Days (Including Documentation)

Total Project Cost: 3,00,000 + GST @ 18%

Location: Foot Prints, Bangalore
