1.2 Gap Analysis

Definition: Where you are compared with where you want to be

Choosing the Frameworks

• work towards a known baseline

• determine the end goal

  • NIST

  • ISO/IEC 27001 Information security management systems

• get a baseline of employees (current training, formal experience, etc.)

• examine the current processes

• Compare and contrast of current systems to identify weaknesses

• Obtain a detailed analysis

• Detailed summarization of objections of the analysis report

Example Table of Gap Analysis Overview