JL Morission_VAPT_Proposal_REV
This document contains proprietary and confidential information of Cymune. No part of this document
may be reproduced, transmitted, stored in a retrieval system, nor translated into any human or
computer language, in any form or by any means, electronic, mechanical, optical, chemical, manual, or
otherwise, without the prior written permission of the owners, Cymune.
Document Control
Revision 1.1
1 About Us
3 Statement of Work
5 Methodology
7 Constraints
At Cymune we bridge the visible and the invisible cyber security gaps for businesses
that aspire to be digital, with an uncompromising approach to innovation. Our approach
is to broadly assess three main things across your “Core Domain” areas:
Inherent Risk
Process Maturity
Operational Effectiveness
We understand that organisations are subject to increasing amounts of corporate and regulatory
requirements to demonstrate that they are managing and protecting their information appropriately,
whilst the threats from all quarters, including organised crime, nation-states and activists, are growing
in complexity and volume.
Evolving threats, expanding compliance risks, and resource constraints require a new approach. To
counter these cyber threats, one needs the hacker mind-set, which we have developed over the years
through extensive capabilities and experience. Our tools, processes and people are among the best
in the industry, with the collective knowledge of having handled several million incidents.
We understand the challenges our clients face every day – because many of our people have occupied
a seat on the other side of the table. We help businesses such as yours to fight against cybercrime,
protect patented data and diminish security risks. Our aim is always to help you transform your
business by removing any security hurdles with the help of our team of security experts and
technologists, operations specialists, researchers and ethical hackers.
We are the experts born out of LOCUZ - two decades of experience leading several transitions. In
these two decades we have immersed ourselves extensively in core data-centre related technologies
solving any & every Infrastructure challenge our clients have faced.
Vulnerability Assessment tools uncover all possible network weaknesses, leaving customers
guessing as to which vulnerabilities pose real, imminent threats.
Penetration Testing
Penetration testing safely exploits vulnerabilities to eliminate "false positives" and reveal tangible
threats. Penetration test results enable IT staff to delineate critical security issues that require
immediate attention from those that pose lesser risks.
Testing Scope
  Vulnerability assessment: Scans for all potential network vulnerabilities.
  Penetration testing: Identifies vulnerabilities and determines if they can actually be exploited.
Vulnerability Relevance
  Vulnerability assessment: Categorizes vulnerabilities based on standardized, theoretical information - not customized to the tested network.
  Penetration testing: Tests vulnerabilities on specific network resources, enabling prioritization of remediation efforts.
Usefulness of Test Results
  Vulnerability assessment: Provides false positives, identifying vulnerabilities that cannot be exploited.
  Penetration testing: Exploits vulnerabilities, identifying only those that pose actual threats to network resources.
Network Connection Testing
  Vulnerability assessment: Does not address connections between network components.
  Penetration testing: Exploits trust relationships between network components to demonstrate actual attack paths.
Remediation Assistance
  Vulnerability assessment: Delivers long lists of vulnerabilities, limiting remediation options to widespread patching.
  Penetration testing: Assesses the potential risks of specific vulnerabilities, allowing users to patch only what is necessary and to test the effectiveness of patches and other mitigation strategies, such as intrusion prevention.
Testing of Other Security Investments
  Vulnerability assessment: Does not simulate attacks to test IDS, IPS or other security technologies.
  Penetration testing: Launches real-world attacks to determine if other security investments are functioning properly.
5 Methodology
The VAPT methodology described here incorporates the industry's best security testing practices,
conforming to Information Security compliance standards and Locuz's commitment to ensure the highest
possible confidentiality. The methodology needed to perform this test allows for systematic checking
for known vulnerabilities and the pursuit of potential security risks.
7 Constraints
Cymune has identified the following constraints for this service quotation:
The project cannot begin until Cymune has a purchase order for the project.
Limited environment knowledge.
8 Customer Responsibilities
Cymune has identified the following customer responsibilities for this service quotation:
To provide a single point of contact as well as backup contact for reporting any problems during
service.
Customer will provide the appropriate accesses to their premises, systems, processes & policies.
Provide access to the Customer’s systems and networks as necessary to perform the services
during normal business hours, or at mutually agreed timeframes.
Customer will arrange for downtimes as required.
Ensure all environment and operational requirements are met prior to implementation.
Verify the equipment location (work site) is prepared to perform the engagement services.
Provide basic configuration information for network and authentication requirements.
Provide installed and tested power, network, and telephone connections.
The completion of any required tasks contained in this proposal within the timeframes allocated.
1. All prices are in INR, and the price quoted is exclusive of GST @ 18% or as applicable at the
time of billing.
2. Payment Terms: 100% advance along with PO
3. Order to be placed on: Cymune Cybersecurity Services PVT Limited, 4th Floor, 401, Krishe
Sapphire, Main Road, Madhapur, Hyderabad TG 500081
4. The offer is valid until 27 March 2022.
5. Provisioning of services timeline would be at least 1-2 weeks from the date of PO.
6. Note-
a. Above activity will be done remotely only.
b. We cannot perform VAPT for desktops and laptops if they are in different networks.
7. Confidentiality - We agree that we will hold in strict confidence all the information obtained
during our fieldwork on this assignment and will not disclose such information to others or use
such information except in connection with the performance of the services agreed in this
proposal.