Last updated at Mon, 24 Jul 2017 15:55:16 GMT

There are several kinds of reports available in ControlsInsight. One that I want to bring your attention to is the operational report, a report that provides details to be consumed by your IT department.

The operational report was born to bridge the gap between identifying security controls needed in your organization and implementing them. The WHY and HOW associated to the WHAT. It is one of the most important parts of the product because it is meant to drive action. It gives you the latest information regarding why you should deploy a particular control and is geared towards company-wide deployment, not per individual asset. This is why the report includes step by step instructions for using group policies or large deployment tools.

Understanding the format of the report

The report is very straightforward. It includes an overview of the control, supported operating systems, step by step deployment guidance, a list of assets that would benefit from deploying the control, and a list of references to validate the information that is being presented.

The Overview: This gives you high level information on the security control at hand - brief, concise and to the point.

Supported Operating Systems: A list of operating systems supports the implementation of the step by step guidance.

Step by Step Guidance: A detailed list of instructions for how to implement the control in your environment.

List of assets: A list of the assets that would benefit from deploying a particular control.

References: This section allows customers to see references for articles relevant to the control. It also allows customers to cross-reference the control with recommendations from SANS Top 20 Critical Security Controls, Australian DSD Top Mitigation Strategies and NIST SP 800-53 Security & Privacy Controls.

So, in a nutshell, this report gives you a single place to understand what to do, why to do it, how to deploy it, which assets lack the control today in your context, relevant reference material, and how other organizations rank the importance of the control.