138 A Practical Guide to Security Assessments
PREPARE INITIAL QUESTION SETS
Question sets, as you will see in the next chapter, are used to facilitate meetings
with the client’s subject matter experts. In this phase, the generic questionnaires to
be used for the interviews with business process owners are developed. The generic
questions can be customized based on the research done thus far and the answers
to the initial questionnaire discussed with the client. In the generic questionnaire,
there are two types of questions — business process and security-related questions.
These questions are a starting point that can be augmented by questions from the
appendices as well as your existing knowledge about the client. These question sets
will be finalized in the next phase, once you have a more detailed understanding of
the business from meeting with management.
DEVELOP AND DOCUMENT TEMPLATE FOR FINAL REPORT
The final report is going to be the product resulting from the assessment. It is
important to ensure that the proper time is spent on producing a document that can
be used by the client as a “security roadmap” for the future. One of the ways to
have more time at the later stages of the assessment to focus on the document is to
get some of the document done early. At this stage, you already know several of the
components of the final report, so it is best to complete those now.
The final report can be set up with the right headings and can be populated with
some information you already know such as part of the executive overview, scope,
methodology, and current state. If this document is started, you can continue to
populate it once you begin fieldwork so that the final report is completed efficiently.
AU1706_book.fm Page 138 Tuesday, August 17, 2004 11:02 AM