Analysis

This section of the report lists what you found and how you found it; it describes the current state of the network. You will want to discuss items of concern that were discovered during the assessment. Because this section follows the statement of work, it should build on what you did during testing and discuss the results of your tests and examinations. Overall, this section should stay focused on the importance of security to the organization. Remember to keep your findings balanced. Organizations are not all good or all bad, and the findings shouldn't be, either. Comment on what the company is doing right.

The discussion of findings should include several sentences that briefly detail each problem. It can be organized as a table of findings that shows each finding's impact to the organization, such as high, medium, or low, as well as a solution. Or it can be organized by class and category, such as management findings, operational findings, and technical findings.

Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138
