You might think that your network is safe from attack. You might have even weathered the storm against ransomware or a DDoS attack. But have you tried your luck against a determined, sophisticated attacker? A security gap analysis can help you find gaps in your network that attackers will capitalize upon, securing your network against penetration and exploitation. Whether you work with a third party to conduct the security gap analysis or run it on your own, you’ll follow the same basic steps.
Step 1: Select an industry-standard security framework
Before you can successfully evaluate your network security with a security gap analysis, you’ll need a framework to compare your current network security against. Standards like ISO/IEC 27002 give guidance about how to secure your network against intrusion, and give you benchmarks that you can compare your cyber security system against. This standard covers best practices in fields like risk assessment, access control, change management and physical security, among others.
Step 2: Evaluation
Once you’ve chosen a standard as a benchmark, you’ll want to evaluate your current network security systems, processes and people. In this data gathering phase, you should look for data about your entire IT environment, including cyber security policies and processes, equipment management, organizational processes and other relevant information. Use this survey as an opportunity to collect the data about your current network security status.
Step 3: Analysis
Now that you’ve gathered information about your current network security program and technical architecture, you can compare it against the best practice controls specified in your chosen security framework. As you go through the security gap analysis process, you’ll compare your organization’s network security program against the expectations of your framework and begin to notice differences. Track these differences, or deltas, as they arise.
Step 4: Adjustment
Once the deltas are collected, you’ll be able to analyze methods to supplement your existing security protocols. Often, the benchmark you’ve chosen will provide recommended steps for improving specific aspects of your cyber security. Work with the relevant departments in your company to adjust your security processes until they’re sufficiently in line with your chosen framework. Once you’ve made these adjustments, you can be confident that your network will stand up to whatever comes your way.