Security Gap Mapping

Information Security Gap Analysis

An information security gap analysis compares your current security program against established industry best practices and shows where the two diverge.

Depending on your business, we select an appropriate security framework, such as those published by the US National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO) (for example, the NIST Cybersecurity Framework or ISO/IEC 27001).

Our security transformation service strengthens your cyber security posture by identifying vulnerabilities, control gaps, past breaches and potential threats in your environment. We build a customised action plan for your enterprise by performing a maturity assessment that compares the current maturity level of each control with the level you want to reach.

Understand people and processes.

In this stage, we gather data on your IT environment, organizational charts, policies, processes, and other relevant details. Many of the risks that company networks face are caused by human action: an employee innocently clicking a link in a phishing email, insufficient training, or a disgruntled employee who deliberately sabotages the network.

Identify the framework controls that work best for your business needs, taking business risk into account.

As part of this step, we compare best-practice controls and the relevant framework requirements against the controls your organization has in place. Together with the data gathered earlier, this gives a clear picture of your technical environment, the protections already deployed, and your overall security effectiveness.

Perform a gap analysis and maturity assessments to figure out what is incomplete or missing.

In this stage, we perform an in-depth analysis of your security program. We then deliver a security roadmap that considers risks, staffing and budget requirements, as well as timeframes for completing each security improvement.

Develop a program to implement the missing or incomplete controls.

Our approach embeds the transformation across all three lines of defence:

  • First line of defence

    Management

    Control self-assessments (CSAs)
    Attack/breach penetration testing
    Functional/technical testing
    Social/behavioral testing
    Regular management review

  • Second line of defence

    Risk Management

    Threats, vulnerabilities, risks
    Formal risk evaluation
    Business impact analysis (BIA)
    Emerging risk

  • Third line of defence

    Internal Audit

    Internal controls testing
    Cybersecurity compliance
    Formal risk acceptances
    Investigation/forensics