20120214

Learn Ethical Hacking Basic: Session XIII


Ethical Hacking Report


Objective: 

Describe test deliverables 

Although we have not actually begun testing, you do need to start thinking about the final report. Throughout the entire process, you should be in close contact with management to keep them abreast of your findings. There shouldn’t be any big surprises when you submit the report. While you might have found some serious problems, they should be discussed with management before the report is written and submitted. The goal is to keep them in the loop and advised of the status of the assessment. If you find items that present a critical vulnerability, you should stop all tests and immediately inform management. Your priority should always be the health and welfare of the organization. 

The report itself should detail the results of what was found. Vulnerabilities should be discussed, as should the potential risk they pose. Although people aren’t fired for being poor report writers, don’t expect to be promoted or praised for your technical findings if the report doesn’t communicate them clearly. The report should present the results of the assessment in an easy, understandable, and fully traceable way. The report should be comprehensive and self-contained. Most reports contain the following sections:

Introduction 
Statement of work performed 
Results and conclusions 
Recommendations 

Since most companies are not made of money and cannot secure everything, you should rank your recommendations so that the ones with the highest risk/highest probability are at the top of the list. 
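The ranking described above can be sketched as follows. This is an added example, not part of the original post; the ordinal scales, the multiplication used to combine them, and the sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordinal scales; the post only says to rank by highest risk and
# highest probability, it does not define a scoring scheme.
RISK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
PROBABILITY = {"low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Finding:
    title: str
    risk: str            # impact if the weakness is exploited
    probability: str     # likelihood that it is exploited
    recommendation: str

def score(f):
    return RISK[f.risk] * PROBABILITY[f.probability]

def rank(findings):
    # Highest combined score first; ties go to the higher risk, then to the
    # title so that the ordering is deterministic between report drafts.
    return sorted(findings, key=lambda f: (-score(f), -RISK[f.risk], f.title))

def escalate_now(findings):
    # Critical items are raised with management immediately, not held back
    # until the written report is delivered.
    return [f for f in findings if f.risk == "critical"]

def recommendations_section(findings):
    lines = ["Recommendations"]
    for n, f in enumerate(rank(findings), 1):
        lines.append(f"{n}. [{f.risk}/{f.probability}] {f.title}: {f.recommendation}")
    return "\n".join(lines)

# Constructed sample findings, not taken from any real assessment.
SAMPLE = [
    Finding("Verbose server banner", "low", "high", "Suppress version strings"),
    Finding("Default admin password on router", "critical", "high",
            "Change credentials and restrict management access"),
    Finding("Unpatched internal file server", "high", "medium", "Apply vendor patches"),
    Finding("Weak password policy", "medium", "high", "Enforce length and lockout"),
]

if __name__ == "__main__":
    for f in escalate_now(SAMPLE):
        print("Escalate before the report:", f.title)
    print(recommendations_section(SAMPLE))
```

The file server and password policy findings score the same here, so the tie-break on risk decides which one management reads first.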

The report needs to be adequately secured while in electronic storage; encryption should be used. The printed copy of the report should be marked “Confidential”, and while it is in printed form, care should be taken to protect it from unauthorized individuals. You have an ongoing responsibility to ensure the safety of the report and all information gathered. Most consultants destroy reports and all test information after a contractually obligated period of time.

TIP 

The report is a piece of highly sensitive material and should be protected in storage and when in printed form. 
