Articles on Assessments
Below are my perspectives on Assessments, drawn from my work as a security leader and practitioner.
- A Report Template for Security Assessments: The technical severity of an assessment finding tells only part of the story. A customizable report template helps you document the scope, rate findings by risk, and write for the executives and...
- Scope Security Assessments for Attack Paths, Not Org Charts: When assessment scope follows organizational lines, gaps open where team boundaries meet and real attackers don't stop. Pulling adjacent teams into the scoping conversation and following attack logic...
- Tips for Creating a Strong Cybersecurity Assessment Report: In a strong cybersecurity assessment report, you rate each finding by its risk to the organization rather than its raw tool score. You give readers the context and remediation steps they need to act...
- Information Security Assessment RFP Cheat Sheet: Effective security assessment RFPs require understanding what's driving the need, ensuring staff availability, and defining realistic timelines and budgets. Key elements include specifying assessment...
- Looking for Infected Systems as Part of a Security Assessment: Security assessments often produce predictable results—missing patches—so consider adding malware detection tasks. Techniques include identifying unmanaged systems, analyzing autorun entries for...
- 3 Reasons Why People Choose to Ignore Security Recommendations: People avoid information that challenges beliefs, demands undesired action, or causes unpleasant emotions—all common with security assessments. Recipients may resist findings that contradict "my...