Appendix 1. Gap Analysis Areas of Interest
Area of Interest | Sample documentation |
Cybersecurity Planning | Information security policies |
 | Organization mission statement |
 | Organization roles and responsibilities |
 | IT and security organization chart |
 | Most current risk assessment |
 | Most recent cybersecurity assessments |
Incident Response | Incident response plan, processes, and procedures |
 | Procedures for incident monitoring and reporting |
Risk Management | Cybersecurity risk management plan |
 | Vulnerability management plan |
Vendor Management | Policies regarding vendor selection, monitoring, cybersecurity responsibilities |
 | Service level agreements (SLA) |
Network Operations | System security engineering standards and policies |
 | Configuration specifications for information systems |
Secure application ... |
Get CyberWar, CyberTerror, CyberCrime: A Guide to the Role of Standards in an Environment of Change and Danger now with the O’Reilly learning platform.