2016

Cyberoam
QUEST ASSURANCE SERVICES
This report is a proposal for Cyberoam Pvt. Ltd to expand its operations
to the IT and Security Audit market.

TABLE OF CONTENTS
Serial no.

Topic

Page no.

Introduction

Company Selected

Security and IT Audit

Market Potential

Quest Assurance Services

Human Resource Structure

Marketing

Revenue Model

10

Pricing

10

10

Revenue Projections

11

11

Cost Break-down

12

12

Projected Income Statement

13

INTRODUCTION
CYBER SECURITY
Computer security, also known as cybersecurity or IT security, is the protection of
information systems from theft or damage to the hardware, the software, and to the
information on them, as well as from disruption or misdirection of the services they provide.
It includes controlling physical access to the hardware, as well as protecting against harm that
may come via network access, data and code injection, and due to malpractice by operators,
whether intentional, accidental, or due to them being tricked into deviating from secure
procedures.
The field is of growing importance due to the increasing reliance on computer systems and
the Internet in most societies, wireless networks such as Bluetooth and Wi-Fi - and the
growth of "smart" devices, including smartphones, televisions and tiny devices as part of the
Internet of Things.

CYBER SECURITY IN INDIA

India is especially vulnerable against cybercrime. It is no more a question of, if or when you
will be attacked- but how often. In 2015, Indian organizations were the 6th most targeted in
Asia, with targeted organizations on the receiving end of two attacks a year on an average.
Organizations in the public utilities and financial sector that were targeted once were most
likely to be targeted again at least two times more throughout the year. Mining was the
highest risk prone sector, where one out of two companies was attacked at least once last
year. 40 percent of BFSI businesses were also attacked at least once. In fact, over the last
three years India has gradually moved up the rankings to rank #3 in 2015 (after rank #7
2013; #5 2014) for most financial Trojan infections globally as per a recent research by
Symantec on Financial Threats 2015.

1|Page

COMPANY SELECTED
CYBEROAM PVT. LTD

Cyberoam a Sophos Company, secures organizations with its wide range of product
offerings at the network gateway. Cyberoam leverages the power of multi-core processors,
offering enterprise-grade performance, in its appliances.
Cyberoams product offerings include:

Cyberoam Network Security Appliances UTM, NGFW

Cyberoam iView Intelligent Logging and Reporting

Cyberoam Central Console (CCC)

Cyberoam NetGenie

JUSTIFICATION

Extensive and varied clientele

Provides varied array of services

Market reputation and goodwill

Expertise in terms of human resources

Usage of up-to-date hardware and software

2|Page

SECURITY AND IT AUDIT

An information security audit is an audit on the level of information security in an
organization. Within the broad scope of auditing information security there are multiple types
of audits, multiple objectives for different audits, etc. Most commonly the controls being
audited can be categorized to technical, physical and administrative. Auditing information
security covers topics from auditing the physical security of data centers to auditing the
logical security of databases and highlights key components to look for and different methods
for auditing these areas.
When centered on the IT aspects of information security, it can be seen as a part of an
information technology audit. It is often then referred to as an information technology
security audit or a computer security audit. However, information security encompasses
much more than IT.
MAJOR ELEMENTS OF SECURITYAND IT AUDIT

Meet with IT management to determine possible areas of concern

Review the current IT organization chart

Review job descriptions of data center employees

Research all operating systems, software applications and data center equipment
operating within the data center

Review the companys IT policies and procedures

Evaluate the companys IT budget and systems planning documentation

Review the data centers disaster recovery plan

MAIN SYSTEMS COVERED UNDER SECURITY AND IT AUDIT

Network vulnerabilities

Controls

Encryption and IT audit

Logical security audit

Specific tools used in network security

Behavioral audit

3|Page

MARKET POTENTIAL

In the last few years, India has seen a boom in the IT industry. The online market has grown
significantly with online retailers and service providers gaining significant market share over
a small period of time. But the same has not been supported with an equally well developed
IT safeguard structure. As more and more information is fed and processed online, the
number of people who become directly vulnerable in case a cyber-attack happens has
increased multi-fold, as is evident from the graph shown above.

With the growing vulnerability of consumer data online, the need to establish and review IT
systems adopted by companies working in this sector has also increased. This is where our
role as IT and Security Auditors comes in. With no major players in the market presently
providing such service, the scope of growth is huge, both nation-wide and internationally.
This is where we, as Security and IT audit service providers enter the market. With an already
established clientele for our existing products and services, we can easily provide this as an
add-on service to them. Along with that, we can also get many more clients who would want
to opt for this service due to

Sheer lack of such service providers in the market

Ever growing risk of cyber attacks

4|Page

QUEST ASSURANCE SERVICES

We plan on incorporating a separate division in our organisation structure which will look
after the IT and Security service that the company plans on providing.
This service will be marketed under the name Quest Assurance Services and the tagline
for the brand will be Securing your servers.

SERVICE DESCRIPTION
We plan on providing both one time as well as long term solutions to our clients. Basically,
we will be open to take one-time contracts under which we audit and review the systems only
once and submit our report on the same. But our major focus would be on establishing long
term ties with our clients under which we provide them with continuous review and audit
services.
Through this service, we also plan on marketing the other services that we already provide in
the market. Post every audit that we conduct, we will submit our review along with which we
will tell them the areas which need immediate attention and how we can help provide
solutions to these problems. It will be up to the client whether he wants to use our services or
approach any other service provider for the same.

5|Page

HUMAN RESOURCE STRUCTURE

The IT Audit division of Cyberoam is a highly specialized branch, and requires a skilled set
of employees. The new addition to the Cyberoam family is headed by the Division Head. He
is directly answerable to the CEO of the company for the first year of operations, as direct
supervision of the CEO is crucial at this point. The Head of the Division will be trained
directly by the CEO over a course of 6 months after which partial autonomy will be granted
to him.

The employees of this division fall under the following job titles:

Software Engineers

Hackers

Data Analytics Engineer

Coders

Customer Relations Managers

Each Project Manager is answerable to the Division Head. The size of each Project Team is
determined by the supervisory committee headed by the CEO (Interim Head) and eventually
the Division Head.

6|Page

RECRUITMENT STRATEGIES

1) Conducting Hackathons
A hackathon (also known as a hack day, hackfest or codefest) is an event in which
computer programmers and others involved in software development, including
graphic designers, interface designers and project managers, collaborate intensively
on software projects. Such events will be organised by the Company and the winners
or key performers of said event will be recruited into the organisation.

2) Employee Referrals
Owing to the existing employee base of the Cyberoam family, employee referrals will
be a beneficial option to recruit. This systems ensures that the employees being
recruited are well aware of the organisation environment.

3) Employer Branding- Be a part of the 0.01%

The idea of being a part of an elite crowd of programmers in the country appeals to
the esteem need of the individuals in the Maslows Need Hierarchy. The promotion of
Cyberoam, using its existing market goodwill, as a niche recruiter is vital to attract the
best possible talent.

SELECTION PROCESS

Application
Review

Qualitative
Assessment

Cognitive
Process
Profile

Background
Check

Legal Record
Checks

Job Offered0.01%

7|Page

MARKETING
Cyberoam understands that it operates in a dynamic environment where the products,
markets, customers and needs change rapidly and continuously. Hence our marketing
strategies include both conventional and unconventional techniques of marketing. As our
target audience is very restrictive we could focus on B2B model of marketing

BRANDING
Your brand is the way you define yourself.
As the Cyberoam is expanding and starting a new department branding has to take place from
the scratch. Starting from the name of the company to its promotion everything must have a
proper flow of ideas.

1. Name and Logo

Brands can be successfully revamped by adapting current styles while celebrating its
history. Cyberoam, being the parent company already adds to the brand value of Quest
Assurance Services hence, we dont require convincing the market to use our new
department.

2. Quality and affordability

It takes that extra to make it extraordinary. This new department under Cyberoam is
aiming at high quality service at a decent price to attract customer in the initial stages.
This company aims at customer satisfaction with effective and efficient service.

3. Public Image
The public and market plays a major role in shaping the reputation of our brand. Its a
B2B market and we constantly need to be in touch with our customer. This can only be
achieved by aggressive marketing automation.

4. Promotion
In todays world, a smart ad plus a smart use of social media can produce a fresh
identity, even if its to promote an IT audit company. We believe our marketing
strategies can help build the need for the product in the market immediately.

8|Page

5. Social media
There is another world that exists online and we need to make ourselves

visible. The

Company must be very active at all such platforms from blogging to emails. This will
increase the trust that your clients have on you and will also help in attraction of new
customer.

MARKETING STRATEGIES
Marketing automation refers to software platform and technologies designed for marketing
departments to more effectively market on multiple channels such as emails, social media,
websites, etc. and automate repetitive task. Quest, being a IT audit company has a specific
audience which can we targeted only through formal ways of promotion.
Marketing automation is a very economical process. As Quest is a new department this could
help it market its brand in the cheapest possible way.
All out campaigns will we posted via this software, which will automatically send it to our
existing and potential customer
The Unseen Criminal Campaign

New hacking threats have emerged in the past couple of years and with it has increased
worldwide

concern

for

cyber

security. This campaign is run to

make small

and medium

scale

companies to understand the need of

such security. The investment they
make in us will give them assurance
that they are in safe hands. This
poster shall be made viral on social
media platforms such as the official
website, Facebook page, companys magazines and newspapers. Your clients are online and
you need to be as well. The idea behind the poster is to tell companies that crimes can take
place in any form and if they are securing themselves with physical guards then they also
require cyber security which Quest promised to give them. Our company can serve them
the best for such a job.

9|Page

REVENUE MODEL
The major revenue streams for this division would be the fee charged by us for providing this
service to the clients.
The revenue model will depend on two factors:

One-time service or recurring service

Extensiveness of the audit function

REVENUE STREAMS
ONE TIME

RECURRING

Basic review

Basic review

Complete systems review

Complete systems review

Extensive review

Extensive review

PRICING
Pricing has been based on the revenue streams stated above.
DURATION

ONE-TIME

RECURRING (annual)

Basic systems review

Rs. 45,000

Rs. 4,50,000

Complete systems review

Rs. 62,000

Rs. 6,00,000

Complete review

Rs. 80,000

Rs. 7,80,000

(covers systems, policies, procedures,

disaster management, etc.)

10 | P a g e

REVENUE PROJECTIONS
Based on the market analysis conducted by us, and based on the demand for such services in
the market, we expect to get following number of clients in the market.

CLIENT PROJECTIONS
DURATION

ONE-TIME

RECURRING (annual)

Basic systems review

80

25

Complete systems review

65

20

Complete review

50

12

DURATION

ONE-TIME

RECURRING (annual)

Basic systems review

Rs. 36,00,000

Rs. 1,12,50,000

Complete systems review

Rs. 40,30,000

Rs. 1,20,00,000

Complete review

Rs. 40,00,000

Rs. 93,60,000

(covers systems, policies, procedures,

disaster management, etc.)

REVENUE PROJECTIONS

(covers systems, policies, procedures,

disaster management, etc.)
TOTAL Rs. 1,16,30,000

Rs. 3,26,10,000

TOTAL PROJECTED REVENUE Rs. 4,42,40,000

11 | P a g e

COST BREAK-DOWN
COST OF RUNNING OPERATIONS

Employee Benefit Expenses

Designation

Number

Salary

Amount

Division Head

1,80,000

1,80,000

Project Managers

1,20,000

3,60,000

Software Engineers

10

80,000

8,00,000

Hackers

40,000

3,20,000

Data Analytics

25,000

1,50,000

Customer Relations

40,000

2,40,000

Coders

50,000

2,00,000

TOTAL (for one month) 23,50,000

TOTAL (for one year) 2,82,00,000

Depreciation

Number of

Cost of one

Cost of

Rate of

Annual

Computers

computer

Computers

depreciation

depreciation

40

40,000

16,00,000

15%

2,40,000

Marketing

The marketing department has been allotted Rs. 12,00,000 for conducting the marketing
campaigns for Quest Assurance Services.

12 | P a g e

PROJECTED INCOME STATEMENT

PARTICULARS
Revenue from Operations

Year 1
(INR)

Year 2
(INR)

Year 3
(INR)

4,42,40,000

4,86,64,000

5,59,63,600

4,42,40,000

4,86,64,000

5,59,63,600

Cost of Revenue

1,76,96,000

1,94,65,600

2,23,85,440

Employee Benefit Expense

2,82,00,000

3,10,20,000

3,41,22,000

2,40,000

2,40,000

2,40,000

12,00,000

10,00,000

8,00,000

Other Expenses

80,000

96,000

1,15,200

Total Expenses

4,74,16,000

5,18,21,600

5,76,62,640

-31,76,000

-31,57,600

-16,99,040

-31,76,000

-31,57,600

-16,99,040

(+)Other Non-operating Income

Total Income
(-)Expenses

Depreciation and Amortisation

Selling and Distribution Expense
Finance Cost

EBT
Provision for Tax
EAT

13 | P a g e