[Vine Corporation LTD]

[20th of February, 2017]

PROJECT PROPOSAL

[PENETRATION TESTING FIRM]

1
I. SUMMARY ............................................................................................................... 3

II. INTRODUCTION ................................................................................................... 4

III. PROBLEMS/SOLUTION ..................................................................................... 5

IV. PROCEDURES/SCOPE OF WORK .................................................................. 7

V. TIMETABLE/BUDGET........................................................................................ 8

VI. KEY PERSONNEL................................................................................................10

VII. EVALUATION .......................................................................................................10

VIII. NEXT STEPS .........................................................................................................11

2
 1. Summary
Vine Corporation is a next generation company that is an idea of a youth and its intended to be
run by youths, it’s an information and communication technology firm that focuses on
Information security. ICT has been implemented in all facet of human life and a security
breach in any of such ICT installations will lead to loss of millions of dollars and sometimes
life (incases of medical installations). The Vine Corporation Project seek to address this issue
of security from a different perspective, the PENETRATION TESTING angle. Penetration
testing is the act of trying to exploit and already existing security measure, to see if such
measures will be able to with stand incumbent threat.

At the end of this project, it’s expected that a world class penetration testing firm will have
been set up here in Africa, with Lagos as it headquarters. In other to achieve this, this proposal
contains steps that we hope to follow, such as creating an African based penetration testing
team, developing a company customer website, opening of its headquarters in Lagos and
running relevant PR activities. After the analysis of cost involve it’s hoped that the project can
be covered with the sum of N5million.

Please take your time to go through the proposal and if there is any question you would love
to ask we are always available 24/7 to answer them. Thanks and we hope to work with you as
partner very soon.

3
 2. Introduction
The year 2015 and 2016 saw the emergency of the “Ransomeware”, a malware that has the
ability to lock all the files in a company’s network once introduced, in other to get back one’s
file you will have to pay in bitcoin (which by the way is near impossible to track) to the hacker
who introduced the malware into your network. This cost a lot of money for several
companies because though they have setup defense system against such attacks, they have
never had such defense tested to see if it will hold.

Building a defense system against hackers is very common amongst companies and
individuals who have ICT setups and a few also go as far as testing their system against
automated attacks, but all these setup still cannot match the determination of a hacker and
beside automated attack do not take into consideration the most viable form of attack in our
time now, that is SOCIAL ENGINEERING.

Vine Corporation was born under the necessity of having a determined “white hacker”
(Penetration tester) hack into your network (no damages will be done to your network during
this time) for you to determine if there is any vulnerability that might exist for a “black
hacker” to exploit. What we do is to identify these vulnerabilities, attempt to exploit them,
give the company the result of our findings and then finally help in facilitating remedy.

Companies like Vine Corporations are very few in the world and as such the larger part of the
world is still available for exploit, beside in Africa Vine Corporation will be one of the pioneers
in providing this kind of service. Vinecorpz mission is to protect the digital life of all Africans,
this we also seek to achieve by training world class information security experts here in Africa
to send to all parts of the world, creating teams of African based pentesters that can be
deployed anywhere they are needed.

Our penetration testing services will be made available to individuals, companies, armed
forces as well as governments, it will range from mobile app testing to website testing as well
as company’s intranet and internet network. We will employ all forms of penetration testing
tools as allowed by each client.

4
 3. Problems/Solution
One of the biggest challenges in IT security is determining whether the tools and
configurations you have in place are giving your organization the level of security you
require. Here's how penetration testing can help.

What is a Penetration Test?

There are a lot of different ways that penetration testing is described, conducted
and marketed. Often confused with conducting a “vulnerability scan”, “compliance
audit” or “security assessment”, penetration testing stands apart from these efforts
in a few critical ways:

 A penetration test doesn’t stop at simply uncovering vulnerabilities: it goes the next
step to actively exploit those vulnerabilities in order to prove (or disprove) real-world
attack vectors against an organization’s IT assets, data, humans, and/or physical
security.

 While a penetration test may involve use of automated tools and process frameworks,
the focus is ultimately on the individual or team of testers, the experience they bring to
the test, and the skills and wherewithal they leverage in the context of an active attack
on your organization. This can’t be over-emphasized. Even highly automated, well-
resourced, and advanced networks employing sophisticated counter-measure
technologies are often vulnerable to the unique nature of the human mind, which can
think laterally and outside of the box, can both analyze and synthesize, and is armed
with motive and determination.

 A penetration test is designed to answer the question: “What is the real-

world effectiveness of my existing security controls against an active, human, skilled
attacker?” We can contrast this with security or compliance audits that check for the
existence of required controls and their correct configurations, by establishing a simple
scenario: Even a 100% compliant organization may still be vulnerable in the real world
against a skilled human threat agent.
 A penetration test allows for multiple attack vectors to be explored against the same
target. Often it is the combination of information or vulnerabilities across different
systems that will lead to a successful compromise. While there are examples of
penetration testing that limit their scope to only one target via one vector (example, a
web application pen test conducted only from the point of view of the Internet
browser), their results should always be taken with a grain of salt: while the test may
have provided valuable results, its results are only useful within the same context the
test was conducted. Put another way, limiting scope and vector yields limited real-
world understanding of security risk.
5
What is the Value of a Penetration Test?

Here are a few of the reasons organizations invest in penetration testing:

 Determining the feasibility of a particular set of attack vectors

 Identifying higher-risk vulnerabilities that result from a combination of lower-risk

vulnerabilities exploited in a particular sequence

 Identifying vulnerabilities that may be difficult or impossible to detect with automated

network or application vulnerability scanning software

 Assessing the magnitude of potential business and operational impacts of successful

attacks

 Testing the ability of network defenders to successfully detect and respond to the
attacks

 Providing evidence to support increased investments in security personnel and

technology to C-level management, investors, and customers

 Meeting compliance (for example: the Payment Card Industry Data Security Standard
(PCI DSS) requires both annual and ongoing penetration testing (after any system
changes)

 Post security incident, an organization needs to determine the vectors that were used to
gain access to a compromised system (or entire network). Combined with forensic
analysis, a penetration test is often used to re-create the attack chain, or else to validate
that new security controls put in place will thwart a similar attack in the future.

6
 4. Procedures/Scope of Work
In other to get VC penetration testing team operational we will need to get the following in
place.

o A Website: A standard website will need to be created, this will serve as our online
office, a portal for customers and potential customers to make enquiries. It will involve
purchasing a domain name and hosting space, the design of the website will be done by
the already existing team that VC has.
o Company Name Registration: in other to operate fully and legally we will need to
register our business name with the CAC commission of Nigeria.
o Office Space: VC will need a headquarters to operate from, a portable office space
which will be better placed in Lagos as it is the ICT hub in Nigeria and from there we
can establish offices in other parts of the continent as the current team of VC has one of
its members in Algeria.
o Marketers: VC will also need tech smart marketers that will take our services round the
globe, through face to face marketing and internet marketing as well.

To begin we need to start with the construction of the website and the registration of the
Companies name with CAC, once both of them are concluded we can then push forward to
doing necessary Public relations activities while the Office space is been setup, so that before
the completion of the office space we will already have customers to attend to. In all our setup
will not exceed 3 month. Detailed scope of work will be provided once we are approved.

7
 5. Timetable/ Budget
Below is a breakdown of how this project will be implemented.

Description of Work Start and End Dates

Phase One Website development/ Company Month 1
name Registration
Phase Two Public relations activities/marketing Month 2
Phase Three Office space design Month 3

You can also use a Gantt chart for more detailed project timetable:

ACTIVITY IMPLEMENTATION TIME RESPONSIBILITY

1. Web Development and company Month 1 Month 2 Month 3
name registration XXXXXXX Project
Manager (PM)
1.1. Construction of website XXXXXX VC Team
1.2. Application for availability of XXXXXX XXXXXX Consultant
name
1.3. Actual Registration of name XXXXXX XXXXXX Consultant
1.4 Preparation of Legal Documents XXXXXXX XXXXXXX Consultant
2. Public relations activities XXXXXXX XXXXXX XXXXXX Project
Manager
2.1. Development of social media XXXXXX Consultant
handlers for VC

2.2 Marketing activities XXXXXX XXXXXX Consultant

2.3 Organization of Seminars XXXXXX Project
Manager
3. Office Space Design XXXXXX Project
Manager
3.1 Locating and Renting of Space XXXXXX XXXXXX Project Manager
3.2 Designing of space XXXXXX Consultant
3.3 Launching XXXXXX Project Manager

Budget
Below contain the proposed cost which might change due to economic circumstances

Description of Work Probable Cost

Phase One Website development/ Company N200,000
name Registration
Phase Two Public relations activities/marketing N500,000*
Phase Three Office space design N1,000,000**
Total N 1,700,000
8
*. Price is subject to Change

**. Price is subject to change depending on the city that we decide to setup the office, note also
that VC Team can start operations even when the office is not ready, as our activities does not
require us to work from the office.

9
 6. Key Personnel
Members involve in the project

POSITION NAME
Sponsor Please Insert your name
Project manager Edheba Jerry Efemena (Nigeria)
Team Tahar Amine (Algeria), Ogheneovie Ralph Otutu(United Arab Emirate)

7. Evaluation
At the beginning of every week everyone working in the project will submit what he or she
hope to achieve at the end of the week, all submission will be examined by the project
manager who will then ascertain if the weekly deliveries will meet up with the total project
timing if not additional task will be added. Once decided daily deliveries will be expected from
each member of the team, these will be submitted to the Project manager and the Sponsor of
the Project

10
 8. Next Steps
Having completed your reading of this document we will be glad if you can be a member of
our team by been its sponsor. To be a part of our team

• Call the project manager (Jerry) for any question on +2347060595108 or email us on
[email protected]

• Arrange a meeting with us for necessary signing of document

• Provide your quota for the commencement of the project

Thanks for your time and we look forward to hearing from you soon.

Signature & Name

Project Manager Project Sponsor Team member

Date: _____________ Date: _____________ Date: _____________

11