This task describes the main steps for creating and presenting the right set of reports for each type of stakeholder.
Disciplines: Test
Purpose
Build and present reports to each stakeholder.
Relationships
Roles
Primary Performer:
Additional Performers:
Inputs
Mandatory:
Optional:
Outputs
Main Description
This task begins with identifying all of the stakeholders, and the type of information that each needs. For example, a Chief Security
Officer would be interested in knowing the security risk associated with the discovered vulnerabilities. A Compliance
Officer would be interested to know how the discovered security issues affect your organization's compliance with
particular government or industry standards. Developers would need to know the technical details about the discovered
vulnerabilities and, if possible, the steps they need to take to fix them.
Once you have all of the reports ready, you should present them to the different stakeholders.
Steps
Identify all Stakeholders and the Type of Information They Need
Different stakeholders have different needs and different knowledge levels regarding security and the application under
test. Based on these criteria, categorize the stakeholders and list their specific interests.
Build a Report for each Stakeholder
Create reports based on the specific needs of different stakeholder types. For each issue found, outline the concept,
the risks and the potential solutions.
Present Reports to Stakeholders and Develop an Action Plan
Set up a review meeting with the target audience, go through each important item, and reach a resolution. Capture the action
plan items and, if needed, create specific work items and assign responsibilities.
More Information
Licensed Materials - Property of IBM
© Copyright IBM Corp. 1987, 2012. All Rights Reserved.