Conclusions

This is it; this section is where you should clearly state your conclusions. Although this is certainly the place to list what's wrong and what needs to be fixed, you'll also want to discuss what works and what is being done right. What are your findings and what is the organization's overall level of security? You will be making the conclusions; however, it will be up to those responsible for the systems to determine what to implement. Because money is always an issue, you should recommend several options. If the best solution isn't feasible because of the budget, the organization can implement other stop-gap solutions to improve the situation from its current state.

Tip

If necessary, include an appendix that lists the tests that were performed and their results. If it's a large amount of detailed data, you may want only to reference it here and supply those details by including a CD with the original data files.