Factors included in a security assessment report include risk analysis, threat assessment, data analysis, a review of physical and electronic security and an evaluation of security personnel. A review of current security protocols is also usually included.
A security assessment report can encompass network security, physical security or both. The first step in creating a security assessment report is to analyze security risk data. This analysis includes any past intrusions, whether through the computer network or physically, any known threats or any potential threats having a high likelihood of realization.
Once the scope of current or potential threats is defined, the security assessment report prioritizes which of those risks deserves the highest allocation of resources to address. Individuals most affected by these risks are involved in assessing the risks and prioritizing them, but input from law enforcement officials or other individuals familiar with the security industry may also be included in the security assessment report.
A security assessment report addressing physical security involves an on-site review of the facility. Many times the objective eye necessary to write a security assessment report notices issues with facility security that are not evident to those who work within and around the facility on a daily basis.
Ultimately the security assessment report presents recommendations to address the defined risk, and those recommendations must be reasonable given the nature of the risk and the resources available to neutralize them.