ABSTRACT

This phase is critical because all of the good work in the previous phases can be wasted if the analysis in this phase is not performed and presented properly. Remember that the final report is the only tangible item that comes out of a security assessment. Ideally, the client should use the final report from the security assessment as the list of action items to improve the company’s information security program. For this to happen, the final report must address several audiences (technical, management, etc.) and must present the findings, risks, and recommendations so that they can easily be translated into action items.