Tips for Creating a Report for Senior Managers

In any IT or cyber security role, an analyst may be asked to generate a report for senior managers. Senior managers are focused on profit and want a very brief overview of the systems, people, and projects under their responsibility. The report should be no more than one page long and contain items of interest that can be shown as a percentage, or items that are actionable.

Here is a list of items that a security analyst could report on.

  • Vulnerability data
    • Vulnerabilities discovered by scanning (critical or exploitable).
    • Total company vulnerability risk score.
    • Company risk score trends chart.
    • Company external third-party vulnerability risk score (BitSight or UpSight score).
  • Threat Intelligence
    • Third-party data breach disclosures. Were any vendors that you use on a regular basis hit?
    • Emerging vulnerability threats from threat intel sources.
    • Vendor external third-party vulnerability risk score (BitSight or UpSight score).
  • SIEM data
    • Count of events, alerts, or incidents. List types and severity.
    • Average time to close an event.
    • Total number of assets.
  • Firewall Stats
    • Count of foreign country blocks.
    • Count of weekly VPN connections (are WFH employees able to make successful connections?)
    • Count of files that were FTP'd to the company.
  • Email stats
    • Count of inbound blocks from email filters (blocked by sender, domain, body, subject, etc.).
    • Outbound mail flow stats: how many were sent, etc.
    • Count of phishing emails that were reported, and how many were blocked or allowed, or classified as spam, clean, or threat.
    • Phishing trends chart.
  • User Behavior
    • Who are the risky users (clicked on a URL link, downloaded software, etc.)?
    • List any discovered passwords.
    • Vulnerable service accounts (outdated passwords, etc.).
    • PIM activations? Sensitive group changes?
  • Future Initiatives
    • Hardening initiatives
      • How many hosts still have local admin rights?
      • Workstation / server hardening scan results. Percent of assets that meet PCI, CIS, Cisco, DISA, FDCC, or HIPAA standards.
      • How many firewall rules are not being used (have a 0-hit count)?
    • BYOD devices.
      • Count of users accessing company resources using BYOD (i.e. email, Teams, or SharePoint).
      • Are BYOD assets patched, and do they meet a minimum OS version?
