Get started Bring yourself up to speed with our introductory content.

What are the tangible deliverables of the security assessment?

Learn what standard deliverables are for a security site assessment and how to tailor them to the expected audience.

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

The standard deliverable is typically a written report comprised of an executive summary, description of assessment methodology, findings with associated risk rankings, recommendations and supporting appendices. It's always good to discuss the intended audience of any deliverables, to clarify expectations of different constituencies as appropriate (executive, management, technical staff, etc.). If time and materials is specified as the sole deliverable (such as in staff augmentation engagements), then this should be specified along with mechanisms to determine customer satisfaction in the absence of tangible deliverables.

This was last published in May 2008

Dig Deeper on Cybersecurity risk assessment and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchDataManagement

SearchBusinessAnalytics

Close