Statement of Work

This section of the report should address the "what" and "how" of the assessment. You will want to review the final scope of the assessment. No matter how it started, there is always the possibility that during the assessment some project creep occurred.

Describe what systems or networks were examined, what they are used for, and how they were examined. Was only a level I assessment performed in which documentation was reviewed? Was a level II assessment performed, with some scanning and hands-on testing? Or was a level III assessment performed with in-depth penetration testing? You will want to list all these details here. Include such things as the types of policies that were reviewed, the number of servers and workstations examined, and the hardware platform, software, firewalls, and other items that help list and specify what exactly was tested and how. Any of these systems or devices that connect externally should be described, as should the security levels related to this connection.

Discuss which individuals performed which tests. What equipment and methods were used to perform these tests? Most likely there were system demonstrations and interviews. This information should also be mentioned. Stick to numbers and systems here. An assessment is not an audit, so individuals shouldn't be mentioned.

Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138