RCGNE can provide a good overall view of the general security of your corporate data and network-computing environment while verifying that your current technology serves the business needs of your organization. This security assessment lays the foundation of your threshold of security comfort and determines the focus of protection of your organization's systems, data, and resources. The enclosed proposal outlines our process and the phases involved in creating an effective security assessment. The three phases are: • Initial Security Assessment and Research • Evaluation and Recommendations • Presentation of Findings We base this on our past experience and industry best practices. The result of the security assessment provides information you need to focus resources on the areas that create the highest risk for your organization. It is our goal to give your organization a good overall view of the general security of your corporate data and network-computing environment. We will determine if intruders, either external or internal to the organization, can exploit vulnerabilities and attack the network in order to do any of the following: • Gain unauthorized information • Gain access to restricted or sensitive information • Maliciously modify or destroy information / data • Deny authorized users or customer access to the network's information resources RCGNE will use a variety of tools and experience to identify security vulnerabilities on Company X's network. RCGNE's objective is to find these exposures and provide appropriate recommendations to reduce and/or eliminate as many of the vulnerabilities as possible. Phase 1: Initial Security Assessment and Research The purpose of this phase is to evaluate the state of the network as it relates to security and research recommendations on how to optimize the network to achieve new and improved security levels. A network security engineer will be assigned to work with members of your organization to perform and document an initial network security assessment. As we evaluate the network and research recommendations, special attention will be given to assessing and documenting your existing infrastructure and your requirements. Phase 2: Evaluate Findings and Determine Recommendations Time will be spent onsite discovering and analyzing the network and offsite discussing the findings with the RCGNE technical team and documenting the findings and recommendations in a deliverable document. Phase 3: Present Findings RCGNE will develop and deliver a report detailing the test procedure and tools, an executive summary of findings, detailed findings, supporting documentation, an assessment of the risk associated with these findings, and a prioritized work plan for resolving any of the vulnerabilities that are found.