What is a Gap Assessment?
The NIST Cybersecurity Framework (CSF) provides a list of best practices organizations can follow to maintain a secure environment. At first glance, the list can seem quite complex!
When Sedara works with a client to improve their security posture, we do in-depth information gathering. The questions asked might include things like:
- How do you keep your computer systems updated? How often are they updated?
- How do you manage adding access for new hires, and ending access for terminations?
- Do you provide your staff training so they are up-to-date on security threats?
What is a Gap Assessment?
At the end of the engagement, we provide a report. This report includes the results of the data gathering process. A gap assessment identifies gaps between industry standards and the current state of the organization’s information security. The gaps can include problems in many different areas, from training to asset management to antivirus protection.
Once Sedara identifies and explains the gaps, we grade it with a points system. This analysis helps us create a scorecard and build a POAM – Plan of Action and Milestones. This is a plan to close the security gaps over time. The POAM’s purpose is to help make risk identification and mitigation easier and more systematic. It includes risk assessment of the security gaps and establishes ongoing monitoring for progress.
How Sedara Can Help
Sedara helps organizations implement the NIST CSF and improve their cybersecurity programs. Our experienced team will take your information security maturity to the next level with a gap analysis and improvement plan.
Subscribe to Sedara Declassified to get timely updates on new and evolving threats – and what to do about them – just like our clients do.