| Gap Analysis |
|
Problem Statement A Gap analysis can be a standalone project or in most cases combined with a Roadmap Strategy development. It identifies the gaps in current practices and best practices. Many organizations have never quantified and identified the weakness in their security processes and where they should be according to best practices. This is a critical step in reducing future threats to the organization. If a Gap analysis has been done, typically it is only focused on security tools, not the business processes used or the business function required. A complete Gap analysis has to focus on people, process and technology.
The Solution Our solution uses quantitative and qualitative methods to define your current state and future state of your security environment. We determine how your organization maps to best practices and the steps needed to get to the next level of security and maintain a robust security environment as change occurs. A Gap Analysis identifies deficiencies and correlated them to practical solutions. A baseline for your future security architecture will be developed after the analysis is complete. The Gap Analysis will develop best practices unique to your environment that can be used to implement controls over the following areas: · Regulatory compliance requirements (ISO, CoBIT, HIPAA, SOX and PCI) · Existing policies, procedures and standards · Software security development lifecycle processes · Access controls and user provisioning processes · Change control and configuration management · Business continuity related to security · Vulnerability management processes · Asset identification processes · Risk management processes · Incident handling processes · Endpoint architecture · Remediation processes · Physical security processes
How the Process Works First we analyze the current security processes and gain an understanding of current practices. Gaps between existing processes and targeted best practices are determines and solutions proposed. Identifying business risks associated with current practices is as important as identifying technology gaps. Through interview process and review of documentation around practices, we provide a phased approach to closing the gaps and providing steps to ensure those gaps do not occur again. |
- Pennsylvania CISO out of a job following RSA Conference appearance
- Twitter to vet links with goal of curbing phishing attacks
- India, Mexico, Brazil have most Mariposa bots
- Microsoft offers two fixes, but reveals a zero-day bug
- Report: Federal cybersecurity plan facing barriers
- Energizer software found to open backdoor
- China to prosecute Google hackers if evidence shows
- Microsoft readies two patches for Windows, Office flaws
- Four charged with hacking ticket vendors
- Comcast.net hacker pleads guilty