{CLIENT ORGANIZATION}

Security Assessment Report

March 2, 2005

Report Prepared by:

{YOUR NAME}, {YOUR CREDENTIALS}

{YOUR EMAIL ADDRESS}

{YOUR PHONE NUMBER}

{YOUR ORGANIZATION}

{YOUR MAILING ADDRESS}

Executive Summary 5

Top-Ten List 5 1. Information Security Policy 5 2. {Security Issue #2} 5 3. {Security Issue #3} 5 4. {Security Issue #4} 5 5. {Security Issue #5} 5 6. {Security Issue #6} 6 7. {Security Issue #7} 6 8. {Security Issue #8} 6 9. {Security Issue #9} 6 10. {Security Issue #10} 6

Introduction 7

Scope 7 Project Scope 7 In Scope 7 Out of Scope 7

Site Activities Schedule 7 First Day 7 Second Day 7 Third Day 7

Background Information 8

{CLIENT ORGANIZATION} 8

Asset Identification 9

Assets of the {CLIENT ORGANIZATION} 9

Threat Assessment 9

Threats to the {CLIENT ORGANIZATION} 9

Laws, Regulations and Policy 10

Federal Law and Regulation 10

{CLIENT ORGANIZATION} Policy 10

Vulnerabilities 10 The {CLIENT ORGANIZATION} has no information security policy 10 {State the Vulnerability} 10

Personnel 11

Management 11

Operations 11

Development 11

Vulnerabilities 11 There is no information security officer 11 {State the Vulnerability} 11

Network Security 12

Vulnerabilities 12 The {CLIENT ORGANIZATION} systems are not protected by a network firewall 12 {State the Vulnerability} 13

System Security 13

Vulnerabilities 13 Users can install unsafe software 13 {State the Vulnerability} 14

Application Security 14

Vulnerabilities 14 Sensitive information within the database is not encrypted 14 {State the Vulnerability} 14

Operational Security 15

Vulnerabilities 15 There is no standard for security management 15 {State the Vulnerability} 15

Physical Security 15

Vulnerabilities 15 Building Vulnerabilities 16 Several key doors within the building are unlocked or can be forced open 16 {State the Vulnerability} 16 Security Perimeter Vulnerabilities 16 There is no entryway access control system 16 {State the Vulnerability} 17 Server Area Vulnerabilities 17 The backup media are not protected from fire, theft, or damage 17 {State the Vulnerability} 17

Summary 18

Action Plan 18

References 18

Executive Summary

|Briefly describe the activities of the assessment. |
|Talk about the importance of information security at the client organization. |
|Discuss security efforts that the organization has under taken. |
|Highlight three major security issues discovered that could significantly impact the operations of the organization. |

Top-Ten List

|A top-ten list is used to highlight the ten most urgent issues discovered during an assessment. Clients unfamiliar with security |
|may be overwhelmed by a long list of problems. Putting the major issues together may allow the client to easily focus efforts on |
|these problems first. |

The list below contains the “top ten” findings, weaknesses, or vulnerabilities discovered during the site security assessment. Some of the issues listed here are coalesced from more than one section of the assessment report findings. Additional information about each is provided elsewhere in the report.

It is recommended that these be evaluated and addressed as soon as possible. These should be considered significant and may impact the operations of the {CLIENT ORGANIZATION}.

1. Information Security Policy

An information security policy is the primary guide for the implementation of all