Back to all activities

Report Creation

Summary

This component consists of an auditor compiling their audit notes and recommendations into a comprehensive set of documents the shows the current state of security, the process by which the auditor came to that assessment, and recommendations that will guide the hosts progression to meet their security goals.

Considerations

    • Treat the report with the utmost security. It should only be shared as a complete work between the auditor(s) and the identified leadership and points of contact of the organization.

Walkthrough

    • Create charts and visuals for roadmap, risk-matrix, implementation matrix, and critical processes.
    • Compile approaches, impact, risk, recommendations and resources for each vulnerability.
    • Prepare narrative components.
    • Write explanations for why any adversaries or threats that the auditor identifies as "un-addressable" with the organizations current capacity.
    • Collect agreements & scope.
    • Document tools used for testing where needed.
    • Update glossary where needed.
    • Compile full report contents.
    • Send the report to client. secure_reporting
    • Document updates to activities to submit back to SAFETAG.