A gap analysis is a method of assessing the differences in performance between a business’ information systems or software applications to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully. A cyber security gap analysis determines the differences between the current and ideal state of information security within your organization.
EHS will interview key personnel identified by the customer, by either questionnaire or phone, and perform document reviews in accordance with NIST SP 800-30. Document reviews give the EHS risk assessment team the basis on which to evaluate compliance with policies and procedures and ultimately to identify potential shortfalls in the administrative, technical, and/or physical security posture.
Deliverables (* Excluded from Gap Analysis)
The following deliverables may be provided as part of the engagement depending upon services chosen:
- Gap analysis results that include risk rating and assessment of items such as: physical safeguards, network resources inventoried, data protection measures, log monitoring and auditing.
- *Risk rating results based on interview or questionnaire (High, Medium, Low, Risk number)
- *The final report will provide information on the current assessment and findings of the customer’s security posture, recommended remediation and a description of potential risk due to non-remediation.
- *A “Crosswalk to Security” report will also be provided to assist the customer in developing a plan to mitigate risk. The findings will be presented as a strategic “Crosswalk” in the form of recommendations only. These recommendations are intended to assist the customer’s security posture. This includes items such as: recommended security roles, how to evaluate key security policies and controls on an ongoing basis, control implementation guidelines and internal review processes.
- Remediation recommendations.
The deliverables will be provided to the customer via secure e-mail or through a secure website, as mutually agreed. All final deliverables are shared only with customer-approved representatives.