What is a Gap Assessment?
The NIST Cybersecurity Framework (CSF) is a set of best practices, organized into core functions such as Identify, Protect, Detect, Respond, and Recover, that organizations can follow to maintain a secure environment. At first glance, the full list of outcomes can seem quite complex!
When Sedara works with a client to improve their security posture, we do in-depth information gathering. The questions asked might include things like:
How do you keep your computer systems updated? How often are they updated?
How do you manage adding access for new hires, and ending access for terminations?
Do you provide your staff training so they are up-to-date on security threats?
What is a Gap Assessment?
At the end of the engagement, we provide a report. This report includes the results of the data gathering process. A gap assessment identifies gaps between industry standards and the current state of the organization’s information security. The gaps can include problems in many different areas, from training to asset management to antivirus protection.
Once Sedara identifies and explains the gaps, we grade each gap with a points system. This analysis lets us create a scorecard and build a POAM (Plan of Action and Milestones, often written POA&M), a plan to close the security gaps over time. The POAM's purpose is to make risk identification and mitigation easier and more systematic: it includes a risk assessment of each security gap, assigns an owner and target date for each remediation item, and establishes ongoing monitoring of progress.