Gap Analysis 1.2 Flashcards
1
Q
Describe GAP ANALYSIS
A
- A study of where we are vs where we want to be.
2
Q
General Process of a GAP ANALYSIS.
A
- This may require extensive research
- Can take an extensive amount of time in order to collect emails, gather data, and perform technical research.
3
Q
What is the first step in initiating a GAP ANALYSIS?
A
- Working towards a known baseline which will give a goal to work towards.
4
Q
What are some BASELINES organizations can use when performing a GAP ANALYSIS?
A
- Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations by the National Institute of Standards and Technology (NIST).
- ISO/IEC 2700, Information Security Management Systems
5
Q
What are some appropriate actions to perform when evaluating the people for a GAP ANALYSIS?
A
- Getting a baseline of the people and processes.
- Understand their current training, their formal experience, and knowledge of security policies and procedures.
6
Q
What are some considerations when assessing the current processes for a GAP ANALYSIS?
A
- Research existing IT systems.
- Evaluate existing security policies.
7
Q
Describe the process in performing the COMPARE AND CONTRAST step of a GAP ANALYSIS.
A
- Evaluate existing systems, identify weaknesses, and determine effective processes.
- Create a detailed analysis.
8
Q
What is involved in a DETAILED ANALYSIS portion of COMPARE AND CONTRAST step?
A
- Examine broad security categories.
- Break those into smaller segments.
9
Q
Describe THE ANALYSIS AND REPORT step.
A
- A document of final comparisons with everything that was discovered.
- Detail the baseline objectives with a clear view of the current state.
- Determine the path to get from the current security to the goal.
10
Q
What is involved in the final step of a GAP ANALYSIS?
A
- Creating a gap analysis report, which is a formal description of the current state.
- Provides recommendations for meeting the baseline.