Security Gap Analysis
Often seen as the core pillar of all security work undertaken, a Security Gap Analysis aims to provide a comparison of your security program versus industry best practices and standards.
An effective security posture needs to incorporate people, process and technology and covers incident prevention, detection and response. Prevention based strategies are no longer adequate and organisations need to focus on cyber resilience. 91% of business leaders recently surveyed responded that cyber security was important to their business. Yet only 57% said they had a formal cyber/information security strategy.
The CyberCrowd Security Posture Review is a detailed assessment of your full security posture, covering policy, processes and technology platforms. Our consultants review the critical areas of your security architecture and practices and map them against industry leading practices. From this we create a maturity assessment of your security posture, identify risks and areas for remediation and provide you with guidance around the high priority issues identified and the steps recommended to remediate them.
At the outset of our engagement we build a detailed understanding of your organisation. This includes learning more about your business, your working practices, your culture, your business and IT strategy, plans for change, challenges and the regulatory environment in which you operate. Our approach is to deliver a report that meets your desired outcome.
Initially we will discuss and agree the most suitable best practice to assess your security posture against. Some of the most frequently used frameworks include NCSC 10 steps, ISO27001, NIST and COBIT; although client sector specific frameworks can often be used in their place. Our key objective is ensuring the correct standard is selected to provide comprehensive recommendations.
The service is delivered by gathering information from 1:1 interviews and from detailed questionnaires provided to key stakeholders. The information that we gather is assessed and qualified and where necessary follow-up questions are asked to confirm the accuracy of facts gathered. It is important that full transparency is provided to our consultants during this process.
We will then provide a written report which when presented, details our findings and focusses on providing recommendations. With the key aim of the report being to reduce the gap in your security posture, all of our recommendations are scored to better assist you in prioritising the required remediations.