Weitere Kapitel dieses Buchs durch Wischen aufrufen
Pick a cliché that makes sense here. Where the rubber meets the road, for instance. Reporting is where it really all happens. You can spend days or weeks doing the actual testing, but if you don’t report it, what was the point? When you are trying to get the attention of someone who may actually be able to fix the issues that you found, you need to deliver a professional presentation and be able to explain the issues in a very clear manner. It’s important to convey your findings in an objective fashion so someone who doesn’t understand information security will be able to comprehend what you are saying. They also need to be clear about what you believe should be done as a result of what you found. Indicating how to fix the problem is where you can really add value. If you just toss a report on someone’s desk explaining where they have a lot of problems and then leave, you aren’t being very helpful to them, though they will have a report that they can use against an audit. In the end, though, just being able to say that they did a penetration test to get an audit checkmark isn’t going to be helpful. In six months or a year when they run the test again for their audit requirements, the findings will still be there, and a decent auditor will make note of that.
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
- Chapter 7
Neuer Inhalt/© ITandMEDIA, Best Practices für die Mitarbeiter-Partizipation in der Produktentwicklung/© astrosystem | stock.adobe.com