Appendix C. Security Assessment Sample Report

This appendix provides a template example, as shown in Table C.1, that can be used for a final report. This template outlines the information, data, and procedures for documenting a security assessment so that the results can be provided to management. The report template contains the following sections:

  • Notice
  • Executive summary
  • Introduction
  • Statement of work
  • Analysis
  • Conclusions

Note that this is an example; each organization should modify this template to meet its own existing needs. Below the template you will find guidelines and information on what each section should contain.

Note

The template example shown in the appendix is also available on the book's web page.

Table C.1. Security Assessment Sample Report

Section

Contents

Notice

Contains confidentiality notice.

Executive summary

Brief overview of the assessment and its findings.

Introduction

Discusses organization, locations, mission, and employees.

Statement of work

Defines the "what" and "how" of the assessment.

Analysis

Details what you found and how you found it.

Conclusions

Outlines what changes should be made to improve security.


Introduction to Assessing Network Vulnerabilities

Foundations and Principles of Security

Why Risk Assessment

Risk-Assessment Methodologies

Scoping the Project

Understanding the Attacker

Performing the Assessment

Tools Used for Assessments and Evaluations

Preparing the Final Report

Post-Assessment Activities

Appendix A. Security Assessment Resources

Appendix B. Security Assessment Forms

Appendix C. Security Assessment Sample Report

Appendix D. Dealing with Consultants and Outside Vendors

Appendix E. SIRT Team Report Format Template



Inside Network Security Assessment. Guarding your IT Infrastructure
Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138

Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net