Gap Analysis is a technique that businesses use to determine what steps need to be taken in order to move from their current state to their desired future state.
A gap analysis can be performed against existing IT and cyber security controls, industry standards, or industry regulations. A gap analysis forces an organization to reflect on who it is and ask who it wants to be in the future. If an organization does not make the best use of current resources, or forgoes investment in capital or technology, it may produce or perform below an idealized potential.
Who’s it for
As cyber security and privacy regulations or standards are updated, as organizational network architecture changes, or when things within IT seem static and requirements are not being met, a gap analysis will help an organization decide whether it is still on track for its cyber security and privacy goals.
How is it performed
The CipherTechs Gap Assessment methodology is similar to a Cyber Security Risk Assessment. CipherTechs’ auditors understand what the goal of the gap assessment is and what standards or regulations need to be assessed, then conduct a series of interviews with the client personnel in charge of IT Operations and Cyber Security. If necessary, multiple stakeholders are brought together in a single session for facilitated discussions of security risks and their specific potential impact on company business.
Our auditors initiate the gap assessment exercise by creating a list of organizational security objectives and then linking these objectives to potential gaps and risks, classifying them according to likelihood and potential monetary impact. CipherTechs can also review current client security solutions to identify the effectiveness of existing controls. The condensed company gap assessment profile developed from these interviews and reviews has a variety of applications, especially in terms of prioritizing security control enhancements and implementations.