Information Security Management Program

Executive Summary

Background and Objective

The Horsel Engineering Services (HORSEL) is a Shared-Service infrastructure for facilitating

payments finalities, streamlining Inter-bank payments and settlement mechanisms, to drive
and promote Electronic Payments across the Nigerian Financial Industry.

HORSEL, like other similar Financial services organization, is highly targeted within the
information security space. As a result, Security Awareness Training is a priority for all
employees. Other focus areas include Security Risk Management to protect existing data and
to recover lost data as part of the Governance, Compliance and Organization component.

Stemming from concerns surrounding new threats involving inter-bank payment systems
and ransomware, financial institutions are focusing greater attention on Information
Security Program, including:

• Awareness and Training to train users to act as a frontline of defence for the
organization;
• Pre-emptive security audit, risk and vulnerability assessment;
• Adoption and compliance to globally recognized information security management
standard such as ISO 27001/27002 and Payment Card Industry Data Security
Standard (PCI DSS); and
• Implementation of security controls to improve the protection of customer data and
Increase customer confidence through assurance of higher level of data security.

We (NETLINK Solutions Limited) are pleased to offer our service to assist the HORSEL in
preforming a penetration test, training, reporting and implementation services to secure
resident information systems, proprietary data and customer information. The intent of this
our expression of interest is to implement, for the HORSEL, an Information Security
Program.

The primary goals and objective of the implementation of this program are to:

1. Identify and confirm the HORSEL vulnerabilities to information systems from

internal and external threats by actually attempting to penetrate existing defences.
2. Identify and confirm the HORSEL vulnerabilities to information systems security
breach from internal and external threats by actually auditing the current
architecture and systems configurations.
3. Minimize or eliminate business risks and exposures by identifying short and long
term options and solutions for remediation of identified vulnerabilities.
4. Determine the appropriate approach to develop or improve existing information
security program.
5. Provide training to HORSEL staff
6. Recognize appropriate solutions to identified risks, vulnerabilities, and/or threats.

1|Page confidential and proprietary

 Information Security Management Program

7. Present to the HORSEL management a comprehensive and cost effective roadmap for
implementation of these information security solutions.
8. Use our team of skilled pool of seasoned and dedicated IT security
professionals to assist with the implementation of the specified security
controls within agreed timelines and budget.

About NETLINK Solutions Limited

NETLINK Solutions limited is an innovative Information Technology company with

complementary team of dedicated practitioners and technology experts providing deep
industry expertise to organizations across Nigeria. Our global technical alliance with the
world’s leading OEMs ensures that we can deliver cutting-edge service and business
solutions to our customers in several industry sectors and transform your organization in the
midst of today’s rapidly changing and competitive business conditions.

Scope of the Information Security Program

- External Network Vulnerability Assessment and Penetration Testing

- Internal Network Vulnerability Assessment and Penetration Testing
- Web Application Penetration Testing
- Wireless Network Assessment and Penetration Testing
- Virtual Infrastructure Security Assessment
- Server Configuration Reviews
- Firewall and Router Configuration Reviews
- VPN Configuration Reviews
- Voice over IP Assessments
- Physical Security Reviews
- Software Source Code Reviews
- Application Threat Modeling and Design Reviews
- Information Security Management Policy and Procedure Development or Review
- Information Security Risk Assessment
- Security Awareness Program Development or Review
- Incident Response Program Development or Review
- PCI Scan
- PCI Report on Compliance Assessment or Gap Analysis
-
1. Introduction
a. Project Background
i. Our Understanding of HORSEL Information Security needs
b. Our Value Proposition

2|Page confidential and proprietary

 Information Security Management Program

c. Our Delivery Approach and Methodology

d. Our Proven Information Security Solution offerings and Tools

2. Project Deliverables

3. Project Management Approach

4. Appendix: References

5. Appendix: Project Team Staffing

6. Appendix: Company Overview

a. Technology Partners
b. Information Security Certifications

NETLINK solutions is involved in providing technology services in the areas of Strategic

Planning Services/Consultancy to offer to the Public and Private Sector.

NETLINK has identified the value and impact of information technology in the
implementation of automated and transparent concepts that made lots of companies achieve
their business goals. NETLINK Solutions with our strategic partners has the ability to offer
cutting edge technology services that has to do with proper planning, implementation and
management of business processes. Part of NETLINK solutions expertise is offering services
that cut across IT security, implementation of IT policies and IT advisory services.

This aspect of securing an organizations' network and intellectual property by proper

positioning of IT services goes a long way shaping how organizations work to achieve
excellence and positioning it in line with business goals; which are the key features needed to
achieve business goals delivered by a well streamlined organizational work flow.

3|Page confidential and proprietary