Essential Considerations for Penetration Test Result Presentation

A penetration test is usually performed to uncover technical weaknesses in a computer installation. Consequently, the test results contain technical implications that may not be easily understood unless they are put into context and explained in business terms. When presenting penetration test results to management, the identified information technology risks must be translated into business risks. This research provides a suggestion on how to effectively present penetration test results. Penetration testing is security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation.