Security Gap Analysis
A security gap analysis is a review of your organization’s security posture. This analysis provides a comparison of your security program versus overall best security practices. By comparing these best practices to actual practices, we can shed light on areas where vulnerabilities and risks are lurking. However, it’s not only important that a gap analysis has to be conducted; it’s also important that it is done correctly. Our specialists will conduct interviews with your security team to evaluate your organization’s security posture based on the Centre for Internet Security (CIS) Top 20 Critical Security Controls. Once all information has been gathered, our team will provide a risk-prioritized report and assist with closing your organization’s cyber gaps.
Our Methodolody
All testing performed under security policy assessment are based on the NIST SP 800 - 115 Technical Guide to Information Security Testing and Assessment, OWASP testing Guide (v4) plus other customized testing frameworks.
PLANNING
Customer goals are gathered and rules of engagement obtained.
DISCOVERY
Perform scanning and enumeration to identify potential vulnerabilities, weak areas and exploits.
REPORTING
Document all found vulnerabilities and exploits, failed attempts, company strengths and weaknesses.
Thorough Testing
Items reviewed during policy assessment include but not limited to:
identify a specific industry-standard security framework
Evaluation of people and processes
Data gathering and analysis
Gap analysis
Other plans depends on specific customer content and footprint.