Resources
No current events.
Tweets
Oops, an error seems to have occurred. We're sorry for any inconvenience this might have caused. If the error persists, feel free to tell us about it.
| Gap Analysis |
|
Problem Statement A Gap analysis can be a standalone project or in most cases combined with a Roadmap Strategy development. It identifies the gaps in current practices and best practices. Many organizations have never quantified and identified the weakness in their security processes and where they should be according to best practices. This is a critical step in reducing future threats to the organization. If a Gap analysis has been done, typically it is only focused on security tools, not the business processes used or the business function required. A complete Gap analysis has to focus on people, process and technology.
The Solution Our solution uses quantitative and qualitative methods to define your current state and future state of your security environment. We determine how your organization maps to best practices and the steps needed to get to the next level of security and maintain a robust security environment as change occurs. A Gap Analysis identifies deficiencies and correlated them to practical solutions. A baseline for your future security architecture will be developed after the analysis is complete. The Gap Analysis will develop best practices unique to your environment that can be used to implement controls over the following areas: · Regulatory compliance requirements (ISO, CoBIT, HIPAA, SOX and PCI) · Existing policies, procedures and standards · Software security development lifecycle processes · Access controls and user provisioning processes · Change control and configuration management · Business continuity related to security · Vulnerability management processes · Asset identification processes · Risk management processes · Incident handling processes · Endpoint architecture · Remediation processes · Physical security processes
How the Process Works First we analyze the current security processes and gain an understanding of current practices. Gaps between existing processes and targeted best practices are determines and solutions proposed. Identifying business risks associated with current practices is as important as identifying technology gaps. Through interview process and review of documentation around practices, we provide a phased approach to closing the gaps and providing steps to ensure those gaps do not occur again. |
- Certain HP scanners can permit snooping and spying
- Microsoft releases new tool to defend against DLL attack
- IBM admits erring in statistics on vendor patching
- Fake TweetDeck update on Twitter leads to trojan
- CA continues cloud buying spree with $200 mil Arcot buy
- FTC closes probe into LimeWire inadvertent file sharing
- Spam volume plunges in wake of Pushdo takedown
- Security defenses limited at SMBs, survey finds
- Pentagon official reveals "most significant" military breach
- IBM report shows new flaws skyrocket in first half of year