The NVA Process, Step-by-Step (5/5)

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

78 Managing Network Vulnerability Assessment

This part of the NVA usually requires tact and patience. Inevitably, some

of the sponsor reviewers will see parts of the Draft Report as a direct reﬂection

of their competence or job performance. It may be difﬁcult to protect the

integrity of your ﬁndings without offending some of the reviewers. Negotiate

as much as you can, because it is important that everyone understand that

the ﬁndings are intended to provide guidelines for improved security for the

company, not to review anyone’s performance.

Phase V: Final Report and Presentation

The Team Lead gathers the sponsor’s comments and integrates them into the

Final Report. The Final Report is then generated; a limited number of copies

should be made. The Final Report follows the same format as the Draft Report.

Each copy should be clearly numbered; the Team Lead will assign each

numbered copy to a particular person and maintain a list of who gets which

copy.

The NVA team should keep a backup copy of the Final Report. All other

copies of the report are to be given to the sponsor, who has been identiﬁed

as the Owner. This individual is responsible for authorizing access to the

report based on the business needs of the asset classiﬁcation policy.

The Team Lead is responsible for ensuring that all other materials relating

to this NVA are destroyed or deleted.

The Team Lead delivers the Final Report to the sponsor. The POC should

set up a meeting between the Team Lead and senior management to review

the ﬁndings of the Final Report. The Team Lead (or appropriate NVA team

members) will put together a presentation (i.e., PowerPoint) summarizing the

NVA methodology and goals, the ﬁndings, and the recommendations. The

Team Lead should be prepared to discuss strategies for implementing the

ﬁndings, but he should be careful not to exceed the scope of the NVA.

In summary, the presentation of the Final Report should cover the following:

 Reintroduce the NVA process

 Explain what the team did

 Present the ﬁndings

 Provide general recommendations

 Provide speciﬁc recommendations

 Wrap up with questions and answers

Post Project

As with all projects, a Lessons Learned meeting with the NVA team can provide

valuable insight into the NVA process, the strengths and weaknesses of the

methodology, and the areas where we need to gain more expertise. The Team

Lead is responsible for convening this meeting, documenting the results, and

ensuring that the results are incorporated into the methodology and NVA

materials.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for The NVA Process, Step-by-Step (5/5)

Create new playlist

Sign In

Sign Up

Table of Contents for
The NVA Process, Step-by-Step (5/5)