Gap Analysis

ICT Security Gap Analysis

In this ever changing world the security controls that worked for an organisation yesterday may no longer be sufficient today. Cyber attacks happen every second of every day, involving disparate companies that don't seem to have anything in common.  A security breach can result in the loss of  confidential information, potentially leading to financial penalties and a damaged reputation.

An ICT gap analysis allows organisations to learn areas of weakness within their network security controls to ensure that, after remediation, the network is robust and effective. The security gap analysis shows what an organisation should be doing by comparing the policies and procedures in place against industry best practices, and offers insights into how an organisation can put the correct structure and controls in place. You can reap a lot of benefits from performing an information security gap analysis, but only when it’s being done correctly, by someone who knows the current threats.

What is an information security gap analysis?
An in-depth review is undertaken to understand the status of the cybersecurity risks and vulnerabilities in an organisation so remediation can be undertaken, based on identified priorities.

4 steps for conducting an information security gap analysis

  1. Select an industry-standard security framework
    By selecting an industry-standard security framework, you will have the baseline best practices that you can measure and compare against your own security program. In Australia the Government standard is the Information Security Manual (ISM), released, and updated quarterly by the Australian Signals Directorate (ASD). This particular framework provides best practices on information security management, covering key security areas such as user assessment, access control, physical security, change management, and more.  The standard provides a great framework to compare security policies and network controls against.
  2. Evaluate your staff and processes
    This normally involves a review of policies used by the organisation and the staff understanding of what these policies mean.  It typically covers ICT Security Awareness Training, HR Processes, System Monitoring and Incident Reporting
  3. Gather data
    This step involves gathering evidence to support the existing implementation and how it ACTUALLY works.
  4. Analyse your security program
    Finally there is analysis that determines the 'gap' between existing and optimal, and generally plots a path forward. 

Contact us

Telephone: +61 (0) 475 815 455

E-mail: ian@ozicybernomad.com

Address: Somewhere in Australia

This field is mandatory

This field is mandatory

The e-mail address is invalid

* Indicates required fields
There was an error submitting your message. Please try again.
Thank you! We will get back to you as soon as possible.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.