400 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
the output of a vulnerability scanner provides in-depth information that will be
needed by the organization’s administrator tasked with xing the problems.
◾ Cost Estimate Worksheets—If considerable eort was put into calculations
such as cost–benet analysis or recommended countermeasure estimates,
these calculations can be recorded in an appendix.
◾ References—It is common practice to provide a list of references used and
cited throughout the report.
11.4 Document Review Methodology: Create
the Report Using a Top-Down Approach
e rst description of what the customer expects in the nal security risk assess-
ment report is in the statement of work (SO ...