The nontechnical presentation: Your upper-level management team consists of technical and nontechnical leadership, and they are interested in the bottom line. You must help these leaders understand the identity management system vulnerabilities you discovered in password cracking and access control. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your presentation:
- How do you present your technical findings succinctly to a nontechnical audience? Your technical report for IT will span many pages; but you will probably be afforded no more than 30 minutes or 8-10 slides for your presentation and the following discussion with leadership.
- How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.
- How do your results affect business operations? Make sure you are presenting these very technical password cracking results in business terms upper-level management will understand.
- What do you propose? Management will not only want to understand what you have discovered; they will want to know what you propose as a solution.
Step 6: The Technical Report and Executive Summary
The technical report and the nontechnical presentation will identify compromises and vulnerabilities in the information systems infrastructure of the healthcare organization, and identify risks to the organization’s data. You will propose a way to prioritize these risks and include possible remediation actions.
The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. After you have defined the roles within the organization, recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format, as part of your list of recommendations.
Provide a comparison of risk scenarios to include the following:
- What will happen if the CIO and the leadership do nothing, and decide to accept the risks?
- Are there possible ways the CIO can transfer the risks?
- Are there possible ways to mitigate the risks?
- Are there possible ways to eliminate the risks?
- What are the projected costs to address these risks?