CISSP · Question #303
As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
The correct answer is C. Remediation recommendations. A Security Assessment Report (SAR) is a document that summarizes the findings and recommendations of a security assessment. A SAR should include the following sections: an executive summary, a scope and methodology, a threat and risk analysis, a vulnerability analysis, a security
Question
As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
Options
- AData classification policy
- BSoftware and hardware inventory
- CRemediation recommendations
- DNames of participants
How the community answered
(58 responses)- A2% (1)
- B3% (2)
- C93% (54)
- D2% (1)
Explanation
A Security Assessment Report (SAR) is a document that summarizes the findings and recommendations of a security assessment. A SAR should include the following sections: an executive summary, a scope and methodology, a threat and risk analysis, a vulnerability analysis, a security control assessment, and remediation recommendations. Remediation recommendations are the best practices that the SAR should include, as they provide the actions that need to be taken to address the identified security gaps and risks. Data classification policy, software and hardware inventory, and names of participants are not essential sections of a SAR, although they may be included as supporting information or appendices.
Topics
Community Discussion
No community discussion yet for this question.