In many ways, the introduction restates what has been briefly covered in the Executive Summary. Therefore, the first one or two paragraphs should discuss the organization, its locations, mission, employees, and the items that were assessed.
Again, why was the assessment performed? The reasons might be due diligence; compliance with state, provincial, or federal laws; a breach in security; or other factors. The level of urgency will vary, so keep this in mind when detailing the project. Include what types of information the vulnerability assessment team gathered and how they gathered it.