Red Team Assessment Phases: Reporting

Reporting is the final and potentially most important phase of a red team assessment. The goal of a red team assessment is to provide the client with a comprehensive view of their security and the ability to act to correct any identified issues. Any part of the assessment that the client can’t understand and act upon based on the report might as well not have happened, so it benefits everyone if the team puts in the time and effort to develop a clear and comprehensive report of the assessment.

Scoping the Phase

The goal of the reporting phase of a red team assessment is to convey the crucial information discovered during the course of the assessment to the customer. In this phase, the red team needs to be able to distill all of the data collected throughout the course of the exercise into the essential information that the customer needs to have and convey it in a way which is valuable to non-technical executives and the technical security team both.

Achieving Phase Goals

The reporting phase of an assessment should end with the client being presented with a report that covers any and all information that they need to know regarding the assessment. To reach this point, the red team needs to identify what information is essential or not, organize it into a consumable format for the customer and write the report in a way that brings value to the client and encourages a healthy working relationship.

Identifying Important Information

The first step in the reporting stage of a red team assessment is identifying what does and does not need to be included in the report. This varies from assessment to assessment based on the needs and wishes of the client, but a few pieces of information are always good (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/YkeJxi_4pMA/