All of the work executed during a security assessment will likely culminate in a customer-facing report. But what should this report look like? Jerod helps you understand the different audiences that will be consuming your security assessment reports, providing you with insights into how to prepare a report that will effectively communicate the findings to your customer.
- [Narrator] With the security assessment complete and the report drafted, you're ready to deliver it to the customer, almost. Don't get in the habit of writing a single draft of the report and sending that on to the customer, not if you want to work with that customer again. You're likely to have three general audiences who will ultimately read your report, executives, management and staff. Executives want the big picture, the 30 thousand foot view.
The executive summary should be as short as possible and the language used in the executive summary should be more business-centric. These execs will use the information in the executive summary to make budget and staffing decisions. Management will be responsible for allocating the resources necessary to remediate any findings. This might include assigning staff members from other projects which could impact those project timelines.
It could also include purchasing additional licenses, updating security documentation and communicating those changes to other members of the company.
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner
What you should know (1m 49s)
1. Understanding Security Assessments
2. Your Testing Environment
3. Planning Your Assessment
4. Review Techniques
5. Identifying Your Targets
6. Vulnerability Validation
7. Additional Considerations
Next steps (3m 39s)