This was solid advice. I've been wanting to move into the CTI space and I haven't come across too many tips that break down writing an effective executive summary.
1. Have a problem statement: What is wrong from a business perspective. Example: Password are unencrypted which dramatically increases risk of class-action lawsuits.
2. Have a list of corrective controls: Staff training, audits, technical controls
3. Cost statement: X control costs $Y.
4. Risk analysis: Problem reduced by 43%.
5. Summary statement: Execute this, it pays for itself.
Bear in mind an executive summary is either superficial or its a lie. You need to have a real technical report behind the executive summary so that it isn't a lie.
2. Have a list of corrective controls: Staff training, audits, technical controls
3. Cost statement: X control costs $Y.
4. Risk analysis: Problem reduced by 43%.
5. Summary statement: Execute this, it pays for itself.
Bear in mind an executive summary is either superficial or its a lie. You need to have a real technical report behind the executive summary so that it isn't a lie.