Statement of Work
This section of the report should address the “what” and “how” of the assessment. You will want to review the final scope of the assessment. No matter how it started, there is always the possibility that during the assessment some project creep occurred.
Describe what systems or networks were examined, what they are used for, and how they were examined. Was only a level I assessment performed in which documentation was reviewed? Was a level II assessment performed, with some scanning and hands-on testing? Or was a level III assessment performed with in-depth penetration testing? You will want to list all these details here. Include such things as the types of policies that were reviewed, the number of servers and workstations ...
Get Inside Network Security Assessment: Guarding Your IT Infrastructure now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
