Creating an Action Plan from a Security Review
The typical action plan table will have the following headings:
Vulnerable Area/System – The area (e.g., Active Directory) or system (e.g., Checkpoint Firewall)
Threat Description – A short description of the threat / vulnerability. The full description and/or risks will be listed either elsewhere in this report or in a separate threat analysis report.
Severity – The risk level of the threat: High, Medium, Low
Remediation Effort – This is based on the amount of work that will be required to implement the specific control. I prefer to use Costly, Moderate, Low.
Recommendation – This is the recommendation to correct the deficiency. I choose to keep this at a high level, as details can be provided to each responsible area.
Finally, add an appendix of definitions. At a minimum, it includes the definitions of the Risk ratings and Remediation Effort ratings.
Until next time….
~Skeeter
*** This is a Security Bloggers Network syndicated blog from Skeeter Spray authored by Skeeter. Read the original post at: http://skeeterspray.blogspot.com/2013/07/creating-action-plan-from-security.html