Security Basics mailing list archives

Re: Management security report


From: "Adam Pal" <pal_adam () gmx net>
Date: Thu, 13 Mar 2008 16:33:37 +0100

Hi Patrick

I suggest you move away from the point of view of a security report to the point of view of the management, like "what 
would management be interested in?" 
If your German skills are OK, you can try to have a look at BSI Grundschutz; otherwise, having a quick look at COBIT can 
help you to find an answer too.
Basically, I would say it should include business-relevant facts, since IMHO management is not interested in how well the 
firewall works and how much spam has been filtered, but in an approach to costs, like working costs for filtering spam 
manually vs. saved costs by filtering N spam mails by the new system, costs needed to repair intrusion damage vs. saved 
costs by blocking N illegal access attempts. 
For the 2nd, 3rd and subsequent reports you could also include trends, from the last reports up to now; don't forget management loves 
charts :) 
Just take it as a draft.


regards

Adam Pal


-------- Original Message --------
Date: Thu, 13 Mar 2008 11:05:58 -0400
From: Patrick A Hendrick <phendrick () gmail com>
To: security-basics () securityfocus com
Subject: Management security report

I know this has come across this list before, but I would appreciate any 
feedback. I want to begin giving either monthly or quarterly security 
reports to management. I'm curious if there are standards for these 
types of reports, such as what should be included. I'm afraid that I 
would get too detailed. What items do you recommend being in a 
management security report?
