Preparing the Final Report

Although the hands-on portion of the assessment is complete, you still have a report to write. You also have data to analyze. This chapter discusses one method you can use to accomplish this. This step of the assessment is just as important as the scoping and the hands-on activities. Before you start thinking that you're going to take on this work by yourself, remember that your team can be as big an asset here as they were during the previous assessment activities.

Maybe you're thinking, "Hey, people aren't fired for being poor report writers." Maybe not, but don't expect to be promoted or praised for your technical findings if the report doesn't communicate them clearly. The post-assessment report should present the results of the assessment in an easily understandable and fully traceable way. The report should be comprehensive and self-contained. Because this is such an important topic, we'll spend time in this chapter discussing what should be in the final report and how you can format this document. Let's get started!

Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138
