CISSP考试指南笔记:6.4 报告

于 2021-03-06 00:03:19 发布
阅读量133 收藏
点赞数
分类专栏: CISSP备考资料
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xuzhina/article/details/114420987
版权

Analyzing Results

Only after analyzing the results can you provide insights and recommendations that will be valuable to senior decision-makers.

First you gather all your data, organize it, and study it carefully.

The second step in your analysis is to determine the business impact of those facts.

The third step is to figure out the now what? Senior decision makers (especially non-technical ones) almost always prefer being informed what is the right security course of action. Your job is to show that you have considered the options and have sound recommendations that address the broader organizational needs.

The goal of this analysis process is to move logically from facts to actionable information.

Writing Technical Reports

A good technical report tells a story that is interesting and compelling for its intended audience.

The following are key elements of a good technical audit report:

  • Executive Summary We’ll get into the weeds of this in the next section, but you should always consider that some readers may not be able to devote more than a few minutes to your report. Preface it with a hard-hitting summary of key take-aways.

  • Background Explain why you conducted the experiment/test/assessment/audit in the first place. Describe the scope of the event, which should be tied to the reason for doing it in the first place. This is a good place to list any relevant references such as policies, industry standards, regulations, or statutes.

  • Methodology As most of us learned in our science classes, experiments (and audits) must be repeatable. Describe the process by which you conducted the study. This is also a good section in which to list the personnel who participated, dates, times, locations, and any parts of the system that were excluded (and why).

  • Findings You should group your findings to make them easier to search and read for your audience. If the readers are mostly senior managers, you may want to group your findings by business impact. Technologists may prefer groupings by class of system. Each finding should include the answer to “so what?” from your analysis.

  • Recommendations This section should mirror the organization of your Findings and provide the “now what?” from your analysis. This is the actionable part of the report, so you should make it compelling. When writing it, you should consider how each key reader will react to your recommendations. For instance, if you know the CFO is reluctant to make new capital investments, then you could frame expensive recommendations in terms of operational costs instead.

  • Appendices You should include as much raw data as possible, but you certainly want to include enough to justify your recommendations. Pay attention to how you organize the appendices so that readers can easily find whatever data they may be looking for.

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:6.4 报告

debugeeker
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
CISSP SUMMARY - 总结
02-16
CISSP 8个领域知识点总结,适用于备考总结和临考对知识点的整体回顾.
CISSP Summary.pdf
02-17
CISSP Summary.pdf
CISSP summary V2.0 37页太阳花总结英文版
03-19
CISSP summary v2.0是第一版太阳花总结的升级版,由第一版本的10个域对应最新AIO的八个域,对于学习后的加深回顾都很有帮助。此版本为英文版,对应索引词汇和解释都还可以
cissp-summary:我的 CISSP 考试准备学习指南
06-13
CISSP指南 这是我准备 CISSP 考试的学习指南。 它涵盖了所有相关领域的基本信息。 我的目标是尽可能保持简短,省略大部分基础知识,因此必须先了解一些有关 IT 安全的知识。 访问控制 根据安全要求,允许/拒绝主体与对象通信的能力。 需要保护信息、计算机、网络和所有其他基础设施(建筑物)。 CIA 三元组:机密性、完整性、可用性 确定资源(需要保护哪些实体)和用户(确定谁需要访问)之间的关系,设置访问控制级别 最小权限/需要知道原则:只为他们需要执行的任务提供最小访问权限,默认为无访问权限 职责分离:在用户之间分配任务/权利/特权,阻止欺诈,分裂知识 三个认证因素: 知识因素:一个人知道的东西(例如PIN) 所有权因素:一个人拥有的东西(例如智能卡) 特征因素:一个人是什么(例如指纹) 密码类型: 标准/简单:单个单词,大写/小写 数字:只是数字 组合:字典词组合 静态:
CISSP Summary Sunflower 太阳花重要考点总结
02-22
传说中的太阳花考点总结 英文版 包含CISSP 10 domains 个人经验是不错的备考中期查缺补漏的资料 总结非常全面 考完后觉得可能比考试更technical一些
CISSP考试指南笔记:1.19 道德
debugeeker的专栏
12-18 178
(ISC)2 requires all certified system security professionals to commit to fully supporting its Code of Ethics. Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsi
CISSP考试指南笔记:2.6 保护资产
debugeeker的专栏
12-19 160
Data Security Controls Which controls we choose to use to mitigate risks to our information depend not only on the value we assign to that information, but also on the dynamic state of that information. Data exists in one of three states: at rest, in moti
CISSP考试指南笔记:3.2 计算机架构
debugeeker的专栏
12-21 203
Computer architectureencompasses all of the parts of a computer system that are necessary for it to function, including the central processing unit, memory chips, logic circuits, storage devices, input and output devices, security components, buses, and n.
CISSP考试指南笔记:1.17 人员安全
debugeeker的专栏
12-18 170
Separation of dutiesmakes sure that one individual cannot complete a critical task by herself. Collusionmeans that at least two people are working together to cause some type of destruction or fraud. Two variations of separation of duties aresplit kno...
CISSP认证考试指南第7版-样张
04-25
此为CISSP认证考试指南第7版的样张,有需要的朋友可以先看看,今年新出的2018年第一版
CISSP学习指南:用于2018 CISSP考试的学习材料
02-05
CISSP学习指南:用于2018 CISSP考试的学习材料
CISSP认证考试指南2018
01-18
CISSP认证考试指南2018
CISSP考试指南
06-18
本文档是CISSP的认证考试指南,有意考取这个认证的朋友可以学习
CISSP考试指南笔记:2.3 责任分层
debugeeker的专栏
12-19 162
Senior management always carries the ultimate responsibility for the organization. Executive Management The CFO and CEO are responsible for informing stakeholders (creditors, analysts, employees, management, investors) of the firm’s financial condition and
CISSP考试指南笔记:1.20 快速提示
debugeeker的专栏
12-18 203
The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources. A vulnerability is a weakness in a system that allows a threat source to compromise its security. A threat is the possibili..
CISSP考试指南笔记:3.1 系统架构
debugeeker的专栏
12-21 122
Anarchitectureis a tool used to conceptually understand the structure and behavior of a complex entity through different views. Anarchitecture descriptionis a formal description and representation of a system, the components that make it up, the inter...
CISSP考试指南笔记:3.9 系统安全
debugeeker的专栏
01-02 149
Client-Based Systems Client-based systems are embodied in applications that execute entirely on one user device。 Client/Server Systems A client/server (also called server-based) system requires that two (or more) separate applications interact with each
cissp 各章知识点临时记录
freshfox的博客
07-04 677
第一章 1. 安全三要素 2. 安全框架 27000 等 3. 法律相关。 4. 知识产权法 ,商业秘密, 版权,专利, 5 各种信息安全相关法案。 6 策略,标准,基线,指南 过程 7风险相关的几个公式 。 8 风险管理框架。 ...
cissp认证考试指南
最新发布
05-18
以下是CISSP认证考试指南: 1.了解考试内容:CISSP认证考试共包含8个主题领域,分别是安全与风险管理、资产安全、安全工程、通信与网络安全、身份与访问管理、安全评估与测试、安全操作以及软件开发安全。考生...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值