Gap Analysis

(OBJ 1.2)

Process of evaluating the differences between an organization's current performance and its desired performance
- Identify areas were improvements can be made
Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture

There are several steps involved in conducting a gap analysis

Define the scope of the analysis
- Identifying ares to evaluate and desired outcome
Gather data on the current state of the organization
- Done through surveys, interviews or other forms of data collection
Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
- Once gaps are identified, go to the next step
Develop a plan to bridge the gap
- Changes to processes, systems or other areas to improve performance or security of those processes or systems

Technical Gap Analysis
- Involves evaluating an organization's current technical infrastructure
- Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
- Example:
  - Not enough throughput in a critical connection
Business Gap Analysis
- Involves evaluating an organization's current business processes
- Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
- Example:
  - Current data management processes are not efficient enough
  - Current Forecasting processes are not accurate enough

Outlines the specific measures to address each vulnerability
Allocate resources Set up timelines for each remediation task that is needed
- Allows to prioritize the patching of critical software vulnerabilities and updating those database misconfigurations first.
"A way to get us from our current state to out desire state"