Building the Final Report

With the analysis complete, it is now time to document the results in an official report. The final report is written for senior management. Its purpose is to help them make operational, technical, and managerial changes. The report should describe the threats and vulnerabilities found and recommend controls to reduce risk. The finished document should not read like an audit or investigative report, because that is not what it is. An assessment is a systematic, analytical methodology for assessing vulnerabilities; it does not look for wrongdoing or seek to hold individuals accountable for specific actions.

To document your findings and propose solutions, give those who will read the report enough information to make a decision and take action. Writers with a traditional scientific background often write very precisely, whereas those from other backgrounds sometimes have a more fluid style. Whatever your background, establish a style that is concise but allows for more descriptive paragraphs when they are needed. The last thing you want is for your assessment to be dismissed because of a problem with the written report. Common documentation problems include the following:

  • Information is hard to scan and grasp quickly.
  • Organization is poor or cumbersome.
  • Logic leading to conclusions is unclear.
  • Conclusions and recommendations are not spelled out.
  • Document focus is unclear.
  • Sentences are poorly constructed.
  • Word choice is imprecise.
  • Too much jargon is used.
  • Document is poorly constructed.
  • Documents are too long.

Avoiding these pitfalls will help ensure that your report gets the time and consideration it deserves. Your goal is to communicate effectively the knowledge and information you have gained by performing the assessment. From a technical standpoint, the report has two major goals:

  • It clarifies your findings for the reader.
  • It conveys critical information.




Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
Year: 2003
Pages: 138