Gap Analysis
Gap analysis is a process that identifies how an organization’s security systems deviate from those required or recommended by a framework.
- Performed when:
  - first adopting a framework
  - or meeting a new industry or legal compliance requirement
- Might be repeated:
  - every few years to meet compliance requirements
  - or to validate any changes that have been made to the framework
- For each section of the framework, a gap analysis report will provide:
  - an overall score
  - a detailed list of missing or poorly configured controls associated with that section
  - and recommendations for remediation
Info
- A gap analysis is likely to involve third-party consultants
- Frameworks and compliance requirements from regulations and legislation can be complex enough to require a specialist
- Advice and feedback from an external party can alert the internal security team to oversights and to new trends and changes in best practice