Reviewing an Assessment Reporting Template

Answer the following questions:

1-Does this template meet the NCSC stated requirement of preparing a baseline to use as a reference point for pen tests? If not, what changes/amendments would you make?

2-What are the two best lessons/examples presented in the report?

3-What two things do you think are unnecessary or could be done more effectively?

Reflect on this activity by answering the following questions:

1-Did you have any issues or challenges with this activity?

2-How did you overcome them?

3-How will they affect your final report?

The template is well defined; however, the instructions didn’t provide a link or instructions regarding the NCSC requirements, so I had to search online to find the needed one.

Regarding the two best examples in the report, I would argue that they are the executive summary, which shows a high-level overview of the report, and the risk assessment, which showed comprehensive information about the vulnerabilities with their level of severity.

Regarding the last question, I see that the NIST framework is not mentioned in the methodology. It would be more effective to highlight and explain in a clear table the “Identify, Protect, Detect, Respond and Recover” items in this framework. Moreover, the password policy doesn’t suggest two-factor authentication, which is much safer and more efficient compared to the traditional username and password login (Gontovnikas, 2017).

References:

Gontovnikas, M. (2017). Is Passwordless Authentication More Secure Than Passwords? Available from: https://auth0.com/blog/is-passwordless-authentication-more-secure-than-passwords/ [Accessed 07 December 2023]