18B: List Report Contents

Question 1

This is a part of the written report, and is a high level and concise overview of the penetration test, its findings, and their impact. This will typically be geared toward the c-suite.

Answer 1

executive summary

Question 2

A high-level description of the standards or framework followed to conduct the penetration test.

Answer 2

methodology

Question 3

A detailed explanation of the steps taken while performing the activity.

Answer 3

attack narrative

Question 4

A strategic assessment of what level of residual risk is tolerable for an organization.

Answer 4

risk appetite

Question 5

The process of assigning quantitative values to the identified risks.

Answer 5

risk rating

Question 6

The process of adjusting the final rating of vulnerabilities to the client needs.

Answer 6

risk prioritization

Question 7

Systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

Answer 7

business impact analysis (BIA)

Question 8

Quantifiable measurements of the status of results or processes.

Answer 8

metrics

Question 9

The specific data points that contribute to a metric

Answer 9

measures

Question 10

The possible solution to the issue identified during the penetration test.

Answer 10

remediation