Documenting Findings and Recommendations for SANS GIAC Security Expert (GSE)

The SANS GIAC Security Expert (GSE) certification is a rigorous assessment of your ability to perform advanced security assessments and provide actionable recommendations. A critical component of this process is the clear, concise, and compelling documentation of your findings and recommendations. This module will guide you through best practices for creating documentation that meets the high standards of the GSE.

The Importance of Effective Documentation

Your documentation serves as the primary evidence of your work and the basis for remediation efforts. It needs to be:

  • Clear and Unambiguous: Easily understood by technical and non-technical stakeholders.
  • Actionable: Providing specific steps for mitigation.
  • Comprehensive: Covering all critical findings and their implications.
  • Professional: Reflecting the expertise and rigor expected of a GSE.

Structuring Your Findings

A well-structured report makes it easier for readers to digest complex information. Consider the following structure for each finding:

Crafting Effective Recommendations

Recommendations are the bridge between identifying a problem and solving it. They must be precise and practical.

Recommendations should be SMART: Specific, Measurable, Achievable, Relevant, and Time-bound (where applicable).

When formulating recommendations, consider the following:

  • Specificity: Instead of 'patch the server,' state 'Apply vendor patch KB12345 to all Windows Server 2019 instances running IIS.'
  • Feasibility: Ensure the recommended actions are technically possible and align with the organization's resources and policies.
  • Prioritization: Clearly indicate which recommendations are most critical based on the risk assessment.
  • Context: Explain why a recommendation is important and what the benefits of implementing it are.

Visualizing Your Findings

Visual aids can significantly enhance understanding and impact. For the GSE, this often involves presenting evidence clearly and potentially illustrating complex relationships.

Screenshots are invaluable for demonstrating vulnerabilities. Ensure they are clear, annotated if necessary, and show the context of the finding. For network-related findings, diagrams illustrating traffic flow or system architecture can be highly effective. When presenting complex attack chains or data flows, consider using flowcharts or sequence diagrams to visually represent the process.

Executive Summary and Overall Recommendations

Beyond individual findings, a GSE report requires an executive summary and overarching recommendations. The executive summary should provide a high-level overview of the assessment's scope, key findings, and overall risk posture. Overall recommendations should address systemic issues or strategic improvements that can enhance the organization's security posture.
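The sections above on structuring findings, writing SMART recommendations and preparing an executive summary can be checked mechanically before a report goes out. The following is an added example, not code from the original module or from SANS: a small Python findings register that rejects findings with no attached evidence or with vague recommendations, ranks findings by a likelihood-times-impact risk score, and produces the per-severity counts an executive summary needs. The field names, the 1 to 5 likelihood and impact scale, the severity bands and the list of vague phrases are assumptions chosen for illustration, not GSE requirements; the recommendation text used in the sample is the one quoted on this page.

```python
"""Added example (not part of the original module): a findings register
that enforces the documentation rules discussed above.  Field names, the
1-5 scales, the severity bands and the vague-phrase list are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# Phrases that signal a recommendation is not specific enough (assumed heuristic).
VAGUE_PHRASES = ("patch the server", "fix it", "harden the system", "update software")

SEVERITY_ORDER = ("Critical", "High", "Medium", "Low")


@dataclass
class Finding:
    title: str
    likelihood: int                     # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int                         # 1 (negligible) .. 5 (severe), assumed scale
    evidence: List[str] = field(default_factory=list)   # screenshots, log excerpts, etc.
    recommendation: str = ""

    @property
    def risk_score(self) -> int:
        """Simple risk model: likelihood x impact (assumed, range 1..25)."""
        return self.likelihood * self.impact

    @property
    def severity(self) -> str:
        """Map the risk score onto severity bands (assumed thresholds)."""
        score = self.risk_score
        if score >= 20:
            return "Critical"
        if score >= 12:
            return "High"
        if score >= 6:
            return "Medium"
        return "Low"


def validate(finding: Finding) -> List[str]:
    """Return the documentation problems found in one finding (empty list = OK)."""
    problems: List[str] = []
    if not (1 <= finding.likelihood <= 5 and 1 <= finding.impact <= 5):
        problems.append("likelihood and impact must be on the 1-5 scale")
    if not finding.evidence:
        problems.append("no evidence attached (screenshot, log excerpt, request/response)")
    text = finding.recommendation.strip()
    if not text:
        problems.append("missing recommendation")
    elif any(p in text.lower() for p in VAGUE_PHRASES) or len(text.split()) < 6:
        # Short or generic wording fails the 'Specific' part of SMART.
        problems.append("recommendation is not specific enough")
    return problems


def prioritize(findings: Iterable[Finding]) -> List[Finding]:
    """Order findings highest risk first; ties broken by title for a stable report."""
    return sorted(findings, key=lambda f: (-f.risk_score, f.title))


def executive_summary(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per severity band, in the order they appear in the summary."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample findings (not from any real assessment).
SAMPLE_FINDINGS = [
    Finding(
        title="Unpatched IIS hosts",
        likelihood=4,
        impact=5,
        evidence=["screenshot-01.png", "patch-inventory.csv"],
        recommendation="Apply vendor patch KB12345 to all Windows Server 2019 instances running IIS.",
    ),
    Finding(
        title="Outdated web server build",
        likelihood=2,
        impact=3,
        evidence=[],
        recommendation="Patch the server.",
    ),
]


def report(findings: Iterable[Finding]) -> List[str]:
    """Render a prioritized, validated finding list as report lines."""
    lines = []
    for f in prioritize(findings):
        issues = validate(f)
        status = "OK" if not issues else "; ".join(issues)
        lines.append(f"[{f.severity}] {f.title} (risk {f.risk_score}) - {status}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_FINDINGS):
        print(line)
    print("Summary:", executive_summary(SAMPLE_FINDINGS))
```

Run as a script it prints the prioritized list with each finding's validation status, followed by the severity counts; the `validate` output is the checklist a reviewer would otherwise apply by hand during the "Review and Refinement" step.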

What are the key characteristics of effective documentation for a GSE report?

Clear, unambiguous, actionable, comprehensive, and professional.

Review and Refinement

Before submission, thoroughly review your documentation. Check for clarity, accuracy, consistency, and completeness. Ensure all evidence is properly presented and that recommendations are well-supported. A peer review can also be beneficial to catch any overlooked issues.

Learning Resources

SANS GIAC Security Expert (GSE) Certification (documentation)

The official SANS GIAC page detailing the GSE certification requirements, exam structure, and objectives. Essential for understanding the overall expectations.

Writing Effective Security Recommendations (paper)

A SANS whitepaper offering practical advice on how to craft clear, actionable, and impactful security recommendations for various audiences.

How to Write a Security Audit Report (blog)

A blog post that outlines the typical structure and content of a security audit report, providing a good framework for GSE documentation.

The Art of Technical Writing for Security Professionals (video)

A video discussing best practices for technical writing in the cybersecurity domain, focusing on clarity and audience awareness.

Risk Assessment and Management (wikipedia)

Wikipedia article providing a foundational understanding of risk assessment methodologies, crucial for justifying the severity of findings.

SANS Reading Room - Technical Articles (documentation)

A vast collection of SANS whitepapers and articles on various security topics, many of which demonstrate excellent documentation practices.

Effective Use of Screenshots in Security Reports (blog)

A blog post from Rapid7 offering tips on how to use screenshots effectively to support findings in security assessment reports.

Introduction to Mermaid: Diagrams as Code (documentation)

Documentation for Mermaid, a JavaScript-based diagramming tool that allows you to create flowcharts and diagrams from text, useful for visualizing processes.

GSE Advisory Board - SANS Institute (documentation)

Information about the GSE Advisory Board, which can offer insights into the expectations and standards for the certification.

Cybersecurity Documentation Best Practices (documentation)

An overview of general best practices for cybersecurity documentation, covering aspects like clarity, organization, and audience consideration.