
Cloud Security: Blog Post

Effective Report Writing Applied to Cyber Security

Effective report writing is an essential tool in the Cyber Security professional’s arsenal.

In almost all professions, report writing is a requirement. Typically, reports document the successes and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we have the unique challenge of communicating highly technical information in a non-technical format, so that the impact of our efforts can be understood.

Early in my career I hated writing reports. Back then, I had a hard time understanding why reports were so important. Little did I know that the countless hours I spent converting technical details into a "human readable" format would pay off in the future.

Fast Forward
In the world of Cyber Security, writing is part of the job, so embrace it. Consider that good report writing can pay dividends in terms of real value for your customer. This unique profession requires communicating thorough analysis (data) in a succinct and precise manner. In some cases, your customer must understand the data, so that decision makers can make certain you remain funded.

Without question, your primary job responsibility is to protect your customer's assets (networks, hosts, and the information contained within). In a world where minutes count, it's easy to fall into the trap of thinking, "I am too busy defending the network to break away and start producing some report that no one will read." Reports matter. They tell your story.

By Starting Simple, You Can Develop Good Practices
Good practice is to accurately document your analysis and investigations, and report on your outcomes. If you aren't doing this today, consider starting, even if it is not currently a requirement. Keep it simple at first. An easy way to do this is to record notes during your analysis and investigations. These notes can easily transition into the supporting narratives in your reports, and can make the task less arduous.

Here are a few report types, or documents, you may want to include in your arsenal:

  • Analysis/Investigative notes (thorough and complete, they are always a winner)
  • Trending Reports
  • Requirements Documents (supporting any custom systems, scripts, or what is needed to complete your day to day tasks)
  • Status Updates
  • Long Term Analysis (think analysis of Advanced Persistent Threat presence within your network)

More Stories By Cory Marchand

Cory Marchand is a trusted subject matter expert on topics of Cyber Security Threats, Network and Host-based Assessment and Computer Forensics. Mr. Marchand has supported several customers over his 10+ years within the field of Computer Security, including State, Federal and Military Government as well as the Private sector. Mr. Marchand holds several industry-related certificates including CISSP, EnCE, GSEC, GCIA, GCIH, GREM, GSNA and CEH.