Whilst an ever-important element of doing business in today’s market, keeping up with changes in today’s threat and regulatory landscapes is proving to be increasingly difficult. These environments are evolving so rapidly that businesses are struggling to stay on top of their information security and compliance goals. Ultimately, this means a growing gap between where an organisation’s current state of security sits and where they’d like to be. A gap analysis or information security posture assessment is the perfect means to an end here, helping you gain in-depth knowledge of your organisation and enabling you to achieve your desired security maturity.
Our information security posture assessments provide you with a holistic view of your current information security posture in comparison to internationally accepted security standards and legislation. We commonly conduct these assessments against the following standards, helping to uplift your posture and accelerate your compliance journey:
We help you better understand your current state of security, delivering contextualised, actionable knowledge on how to achieve your key objectives in line with broader compliance efforts. In order to deliver the most thorough assessment, we cover your:
Using a refined methodology, we conduct a thorough review of your entire organisation, looking at business goals, administrative functions, information security controls and more.
Above all, this analysis provides you with a clear and concise view of your current and unique security profile. Furthermore, it allows us to compare your current state against industry standards, enabling us to make more focused recommendations for meeting this standard, gaining compliance and uplifting your security posture.
Please note this is a high level overview of the assessment process. For more detailed information, please contact our security professionals.
Firstly, every gap analysis needs a target or framework to abide by. This may be ISO 27001, PCI DSS or another benchmark to compare your organisation’s security policies and controls against. This framework provides a standard that we can work towards.
Once the framework is decided upon, the next step of the process involves evaluating your people. Ultimately, this is a critical data gathering phase, where we interview your senior management, team leaders and other staff to identify and assess key objectives, as well as the processes within your environment.
Next, we look at your administrative and technical controls, including standards, policies and technologies in your environment. In addition to any IT projects your organisation is currently undertaking, we make sure to analyse the appropriateness of your policies, the general awareness around them, and how they are communicated.
Finally, we're able to provide a detailed assessment of all our findings. In this stage of the gap analysis, we compare the effectiveness of your organisation's security controls to the aforementioned standard, as well as other organisations within the same or similar industry. This allows us to provide visibility on any gaps, and ultimately, provides a basis for improvement.
At the conclusion of the assessment, our expert consultants provide detailed reports covering your current state of security and the most practical means for improvement.
This document will outline our understanding of the organisation’s requirements and provide a detailed assessment of the effectiveness of the security controls in place. As part of our commitment to continuity, consistency and consultancy, we structure this report in such a way that your organisation can use it as the basis of a generic security improvement program.
This document identifies the approach, resources, timing and deliverables required to improve the security controls up to the desired level. It’ll be based on our understanding of the current environment as well as the level of risk associated with your information systems.