Task: Build Reports
This task describes the main steps for creating and presenting the right set of reports for each type of stakeholder.
Purpose
Build and present reports to each stakeholder.
Relationships
Inputs
Mandatory: Optional: External:
  • None
Outputs
Main Description

This task begins with identifying all of the stakeholders and the type of information that each one needs. For example, a Chief Security Officer would be interested in knowing the security risk associated with the discovered vulnerabilities. A Compliance Officer would be interested in knowing how the discovered security issues affect your organization's compliance with particular government or industry standards. Developers would need to know the technical details of the discovered vulnerabilities and, if possible, the steps they need to take to fix them.

Once you have all of the reports ready, you should present them to the different stakeholders.

Steps
Identify all Stakeholders and the Type of Information They Need
Different stakeholders have different needs and different knowledge levels regarding security and the application under test. Based on these criteria, categorize the stakeholders and list their specific interests.
Build a Report for Each Stakeholder

Create reports based on the specific needs of different stakeholder types. For each issue found, outline the concept, the risks and the potential solutions.

Present Reports to Stakeholders and Develop an Action Plan
Set up a review meeting with the target audience, go through each important item, and reach a resolution. Capture the action plan items and, if needed, create specific work items and assign responsibilities.
Properties
Predecessor
Multiple Occurrences
Event Driven
Ongoing
Optional
Planned
Repeatable
More Information