Information Security Gap Analysis
At this point, you should have a good understanding of how your existing information security program is operating along with how well it compares to similar companies in your industry. The next step in the process includes identifying alternatives to move from your current to your future information security program. This section provides some guidelines on how to develop those alternatives and a rational approach for evaluation.
Completing the first two steps of the information security architecture methodology should have provided you with the following information:
Current state of your information security program— Includes what is working, and what needs to be improved
Business requirements analysis—
Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
