This document provides details for a security assessment report on operating systems and information systems. It outlines topics to cover such as defining the user's role in an OS, differences between kernel applications and user applications, embedded operating systems, and how OSs fit into overall information system architectures. It also lists topics about OS vulnerabilities to discuss, including vulnerabilities in Windows, Linux, Mac OS, and mobile devices. Intrusion motives and methods for MS and Linux systems should be explained along with security management technologies and why corporate and government systems are targets of intrusions using methods like SQL and XML injections.