1.2 - Gap Analysis

Gap Analysis

  • A strategic tool used to identify the difference between the current state and preferred future state of an organization.


Choosing the framework

  • Work towards a known baseline; an internal set of goals


Evaluate People and Processes

  • Get baseline of employees

    • Through formal experience in IT security, current training, and knowledge of security policies and procedures

  • Examine current processes

    • See how existing IT systems work and how they relate to your formal policies

    • Evaluate existing security policies


Compare and Contrast

  • Compare the existing systems running in your environment

  • Identify the weaknesses those systems have

    • These can potentially be compared with the most effective processes to compensate

  • Create a detailed analysis looking at every broad security category

    • Break each one into smaller segments


The analysis and report

  • After you gain all the information about everything, everywhere, you create a document to summarize everything you have discovered

    • Start with detailed baseline objectives

  • Need a path to get from current security to the goal

    • Includes time, money, and control changes

  • Once all data is compiled, create a Gap Analysis Report that describes the current state and how to get to the planned state