4.gap_analysis

Gap analysis

Researching an organization's current IT security posture, comparing it to its security objectives, and determining the requirements needed to achieve those objectives.

gap between where I am and where I want to be

gap analysis

Baseline

An organization's security objectives, which can include formal policy documents and the organization's own policies and procedures.

an orgnaization’s security objectives

baseline

Analysis

Evaluating an organization's current IT ecosystem to identify any weaknesses and comparing them to effective strategies to compensate for those weaknesses is the ___ portion of a gap analysis

User de-registration

Removing a user's account and access rights from a system when they no longer need them.

Removing user from system

user-deregistration

User access provisioning

Managing user access rights, which involves granting or revoking user access permissions.

managing a user’s access rights by granting or revoking

user access provisioning

Privileged Access Rights

Granting special access beyond the standard access permissions, allowing users and systems to perform normally restricted actions.

special access rights beyond standard permissions

privileged access rights

Access Rights

Granting permission to users and systems to access resources.

granting access to a user

access rights

Processes acting on behalf of a user

Background or automated system operations that perform actions with a user's credentials.

automated background system operations

Processes acting on behalf of a user

baseline objectives

___ are established by assessing the knowledge of security policies and experience with IT security tools of an organization’s employees.

IT security expertise and knowledge of policies and procedures

What aspects of an employee are assessed during the baseline objective portion of a gap analysis?