// sample report
Executive Security Summary — Sample Report
Example scenario
A founder wants a plain-language, one-page view of security posture for a board update.
Executive summary
Posture is reasonable for the stage, with clear, affordable next steps. The three priorities: enforce MFA everywhere, close web hardening gaps found in scanning, and document a basic incident plan. None require a large budget; all reduce the most likely risks.
Findings
| ID | Finding | Severity | Mapping |
|---|---|---|---|
| EX-01 | Identity is the top priority | High | NIST IA-2 · AT-2 |
| EX-02 | Web hardening gaps | Medium | OWASP A05:2021 · NIST SC-18 |
| EX-03 | Recovery readiness | Medium | NIST CP-9 · IR-8 |
Details
EX-01 · Identity is the top priority
HighEvidence. Most likely initial-access paths involve credentials and phishing.
Risk. Account takeover remains the highest-probability incident for small teams.
NIST IA-2 · AT-2
EX-02 · Web hardening gaps
MediumEvidence. Scanning found missing security headers and cookie flags.
Risk. Increases the impact of any web application flaw.
OWASP A05:2021 · NIST SC-18
EX-03 · Recovery readiness
MediumEvidence. Backups exist but restore is untested and no IR plan is written.
Risk. Slow, costly recovery if an incident occurs.
NIST CP-9 · IR-8