# Security Assessment Brief Template

*[Use this template to create an executive brief on a security assessment, for leaders and decision-makers who need a fast scan of the results. Distill it from the full assessment report, and add the context the reader needs to decide and act.*

*If you're working from a report produced with the [companion report template](https://zeltser.com/security-assessment-report-template), pull the Bottom Line from its "Executive Summary," Key Findings from "Findings Summary," and Recommended Actions from "Remediation Priorities."*

*The text in italic square brackets is guidance for you. Delete it before finalizing the brief. Rename the generic title above to match your assessment.*

*This template was [created by Lenny Zeltser](https://zeltser.com/security-assessment-report-template) and distributed under the [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/) (CC BY 4.0). The license covers the template. Any brief you produce with it is yours.]*

*[Date · Classification]*

## Bottom Line

*[One paragraph (3-5 sentences) for a busy, non-technical reader. State what you assessed, the overall security posture or risk, the most important conclusion, and the headline recommendation with its urgency. If you're asking the reader to decide something, name the decision.]*

## Key Findings

*[List the few findings that matter most, ordered by decreasing severity. The full report has the rest.]*

| Finding | Severity | Affected Asset |
|---|---|---|
|  |  |  |

## Recommended Actions

*[The top three to five actions, ordered by priority. Who is optional when an external assessor doesn't know the owner. For an action that needs a decision-maker's approval, name the decision in the When column.]*

| What | Why | When | Who |
|---|---|---|---|
| *[Lead with an action verb, such as Patch, Harden, Reconfigure, or Remove.]* | *[Why this matters for the organization.]* | *[Such as Immediate, Within 30 days.]* | *[The internal owner.]* |
|  |  |  |  |

## More Information

|  |  |
|---|---|
| **Full Report** | *[Link to the full assessment report.]* |
| **Follow-Up Contact** | *[Name and channel for follow-up questions on this brief.]* |