This work is licensed under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Created by Keith A. Watson, CISSP on March 1, 2005
{ABC corp.}
Security Assessment Report
October 3, 2011
Report Prepared by: {Ehab Abdel Monem}, {Security consultant}, {Eng_ehap@hotmail.com}, {0114458033}, {Raya Corp}, {info@raya.net}
Confidential and Proprietary Information: Need to Know
The information contained within this report is considered proprietary and confidential to the {CLIENT ORGANIZATION}. Inappropriate and unauthorized disclosure of this report or portions of it could result in significant damage or loss to the {CLIENT ORGANIZATION}. This report should be distributed to individuals on a Need-to-Know basis only. Paper copies should be locked up when not in use. Electronic copies should be stored offline and protected appropriately.
{CLIENT ORGANIZATION}
EXECUTIVE SUMMARY ..... 5
  In the last quarter the ABC Company started to give extra focus to the security of the network and production services. Many measures have been taken to protect valuable assets, especially the database server, as it contains valuable customer information. ..... 5
  Top-Ten List ..... 5
    1. Information Security Policy ..... 5
    2. {Using Telnet for remote administration} ..... 5
    3. {Weak passwords} ..... 5
    4. {Security Issue #4} ..... 6
    5. {Security Issue #5} ..... 6
    6. {Security Issue #6} ..... 6
    7. {Security Issue #7} ..... 6
    8. {Security Issue #8} ..... 6
    9. {Security Issue #9} ..... 6
    10. {Security Issue #10} ..... 6
INTRODUCTION ..... 7
  Scope ..... 7
    Project Scope ..... 7
    In Scope ..... 7
    Out of Scope ..... 7
  Site Activities Schedule ..... 7
    First Day ..... 7
    Second Day ..... 7
    Third Day ..... 7
BACKGROUND INFORMATION ..... 8
  {CLIENT ORGANIZATION} ..... 8
ASSET IDENTIFICATION ..... 9
  Assets of the {CLIENT ORGANIZATION} ..... 9
THREAT ASSESSMENT ..... 9
  Threats to the {CLIENT ORGANIZATION} ..... 9
LAWS, REGULATIONS AND POLICY ..... 10
  Federal Law and Regulation ..... 10
  {CLIENT ORGANIZATION} Policy ..... 10
  Vulnerabilities ..... 10
    The {CLIENT ORGANIZATION} has no information security policy ..... 10
    {State the Vulnerability} ..... 10
PERSONNEL ..... 11
  Management ..... 11
  Operations ..... 11
  Development ..... 11
  Vulnerabilities ..... 11
    There is no information security officer ..... 11
    {State the Vulnerability} ..... 11
NETWORK SECURITY ..... 12
  Vulnerabilities ..... 12
    The {CLIENT ORGANIZATION} systems are not protected by a network firewall ..... 12
    {State the Vulnerability} ..... 13
SYSTEM SECURITY ..... 13
  Vulnerabilities ..... 13
    Users can install unsafe software ..... 13
    {State the Vulnerability} ..... 14
APPLICATION SECURITY ..... 14
  Vulnerabilities ..... 14
    Sensitive information within the database is not encrypted ..... 14
    {State the Vulnerability} ..... 14
OPERATIONAL SECURITY ..... 15
  Vulnerabilities ..... 15
    There is no standard for security management ..... 15
    {State the Vulnerability} ..... 15
PHYSICAL SECURITY ..... 15
  Vulnerabilities ..... 15
    Building Vulnerabilities ..... 16
      Several key doors within the building are unlocked or can be forced open ..... 16
      {State the Vulnerability} ..... 16
    Security Perimeter Vulnerabilities ..... 16
      There is no entryway access control system ..... 16
      {State the Vulnerability} ..... 17
    Server Area Vulnerabilities ..... 17
      The backup media are not protected from fire, theft, or damage ..... 17