GAP Analysis

Security Gap Analysis (GAP)

Electronic data processing brings many advantages, but also a wide range of threats. Defending against these threats requires considerable expense, and 100% security is an unattainable goal regardless of how much effort we make. It is therefore important to ask whether operational practices comply with internal rules and with both technical and procedural recommendations for protecting information against current threats, and whether they are in harmony with contemporary legislation.

Comparative (also called delta or gap) analysis is a precise tool for determining whether your company's solution covers all the areas necessary to ensure adequate protection of your information.

Objectives

The principle of benchmarking is to compare the actual state with a reference state and to identify any irregularities. The aim is to comprehensively assess the level of protection of information, regardless of its form and how it is handled.

Assessment focuses on:

  • How computer technology is used

  • Communication settings

  • Information Security in Information Systems

  • Physical Security

  • Personnel Security

  • Documentation of security procedures and their actual implementation

Benefits

  • Balanced and comprehensive insight into the state of Information Security

  • Proposal of specific measures to remedy the shortcomings, prioritized by implementation and performance

Framework

  • Slovak legislation

  • ISO/IEC 27001 and ISO/IEC 27002 (formerly ISO/IEC 17799)

  • Internal security documentation / standards of the reviewed organization