by austincheney 2039 days ago
1. Have a problem statement: What is wrong from a business perspective. Example: Passwords are unencrypted, which dramatically increases risk of class-action lawsuits.

2. Have a list of corrective controls: Staff training, audits, technical controls

3. Cost statement: X control costs $Y.

4. Risk analysis: Problem reduced by 43%.

5. Summary statement: Execute this, it pays for itself.

Bear in mind an executive summary is either superficial or it's a lie. You need to have a real technical report behind the executive summary so that it isn't a lie.