CSC300 Offensive Security Dr. Ronny L. Bull, Ph.D. Executive Summary


1 CSC300 Offensive Security Dr. Ronny L. Bull, Ph.D. Executive Summary

2 Overview
  Executive Summary
  Background
  Overall Posture
  General Findings
  Recommendation Summary
  Strategic Roadmap

3 Executive Summary
  Intended to provide a high-level overview for non-technical executives in charge of:
    Oversight of corporate affairs
    Strategic vision of the organization
    Security program
    Operations
    Financial aspects

4 Executive Summary
  Should contain the following sections:
    Background
    Overall Posture
    Risk Ranking/Profile
    General Findings
    Recommendation Summary
    Strategic Roadmap

5 Executive Summary: Background Section
  Should identify the overall purpose of the test
  Should contain information from pre-engagement relating to:
    Risks
    Countermeasures
    Testing goals
  These help the reader connect to the overall test objectives and results

6 Executive Summary: Background Section (Cont.)
  If any objectives were changed during the test, they should be highlighted in the background section so they can be identified up front.

7 Executive Summary: Overall Posture Section
  Narrative of the overall effectiveness of the test
  Did the pen-testers satisfy all of the goals identified during pre-engagement?
  Brief, high-level descriptions of issues identified through the testing process
  Ability to achieve access to goal information and identify risks to the business

8 Executive Summary: Risk Ranking/Profile Summary
  How does the organization rank in terms of risk?
  The scoring mechanism should be identified in pre-engagement, so that it is understood when presented at the end of the test
  Low, Moderate, Elevated, High, Extreme
  Use numeric value ranges to indicate each risk level


10 Executive Summary: General Findings Section
  Provides a synopsis of the issues found during the penetration test
  Basic and statistical formats
  Graph representations
  Targets tested
  Testing results
  Processes
  Attack scenarios
  Success rates


12 Executive Summary: Recommendation Summary
  Provide a high-level understanding of the tasks needed to resolve the risks identified
  General level of effort required to implement each resolution
    Give them an idea of the resources it will require
  Prioritization of tasks in order of risk by weight
    What should the organization fix now?
    What can wait?

13 Executive Summary: Strategic Roadmap
  Should include a prioritized plan for remediation of the risks found
  Weighted against business objectives and level of impact
  Broken up into pre-defined time/objective-based goals
  Will help create a plan to follow for remediation
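One way to turn the ranking, findings-statistics and roadmap guidance on the Risk Ranking, General Findings, Recommendation Summary and Strategic Roadmap slides into numbers, as an added example that is not part of the deck: the five risk levels are the slides' own, while the numeric ranges, the 1-5 likelihood/impact scales, the weighting formula, the phase names and the sample findings are assumptions made for this example.

```python
from collections import Counter
from dataclasses import dataclass

# The five bands come from the slides; the numeric ranges are this example's
# assumption, since the deck only says to agree them during pre-engagement.
RISK_BANDS = [(0, 20, "Low"), (20, 40, "Moderate"), (40, 60, "Elevated"),
              (60, 80, "High"), (80, 101, "Extreme")]
@dataclass
class Finding:
    title: str
    likelihood: int       # 1-5 scale agreed in pre-engagement (assumed)
    business_impact: int  # 1-5, weighted against business objectives (assumed)
    effort_days: int      # general level of effort to implement the fix
    achieved_goal: bool   # did this attack scenario reach goal information?
    def weight(self) -> int:
        # Assumed weighting: likelihood x impact, scaled to 0-100.
        return self.likelihood * self.business_impact * 4

def band(score: int) -> str:
    # Map a numeric score to the deck's Low..Extreme levels.
    for low, high, name in RISK_BANDS:
        if low <= score < high:
            return name
    raise ValueError(f"score out of range: {score}")
def overall_posture(findings) -> str:
    # The organization ranks at its worst finding, not the average.
    return band(max(f.weight() for f in findings))
def general_findings(findings) -> dict:
    # Statistics for the General Findings section: scenarios, success rate, per-band counts.
    successes = sum(1 for f in findings if f.achieved_goal)
    return {"scenarios": len(findings),
            "success_rate": round(successes / len(findings), 2),
            "by_band": dict(Counter(band(f.weight()) for f in findings))}
def roadmap(findings) -> dict:
    # Prioritize by weight and bucket into time-based goals (phase names assumed).
    phases = {"Fix now": [], "Next quarter": [], "Can wait": []}
    for f in sorted(findings, key=Finding.weight, reverse=True):
        level = band(f.weight())
        phase = ("Fix now" if level in ("Extreme", "High")
                 else "Next quarter" if level in ("Elevated", "Moderate")
                 else "Can wait")
        phases[phase].append((f.title, level, f.effort_days))
    return phases

# Constructed sample findings for illustration only.
SAMPLE = [Finding("Default credentials on admin portal", 5, 5, 1, True),
          Finding("Missing patches on file server", 4, 3, 5, True),
          Finding("Verbose error pages", 2, 1, 2, False),
          Finding("Weak TLS configuration", 3, 2, 3, False)]
```

Feeding real findings through `roadmap()` gives the "fix now" versus "can wait" split the Recommendation Summary asks for, with the effort estimate beside each item.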

17 Example

18 Your Task
  Search for some other example Executive Reports
  Evaluate them based upon the criteria set forth in these slides as well as at:
  Do they follow the guidelines?
  Do they provide any extra information not listed in the guidelines?
  Was this information necessary, or does it just add more confusion for non-technical individuals?

19 Some Fun For This Week
  https://www.hackthissite.org/
  Sign up for an account
  Start going through the basic missions
  See how far you can get by the end of class on Thursday
  If you get through the basic missions, feel free to start on the Realistic ones
  No report due next week!

