Security Risk and Gap Assessment

A gap analysis is a study to determine the difference between the current state of information security and its ideal or optimum state of security.
Gap analysis is a vital part of the business continuity planning and is also a form of risk assessment.

Why Conduct Security Risk and Gap Assessment?

The purpose of the gap analysis is not to penalize anyone but to gauge the current state of existing security gaps.
The guidelines laid down by the IOS (International Organization of Standardization, ISACA (Information Systems Audit and Control Association) and the NIST (National Institute of Standards and Technology) must be adhered to during the process of gap analysis.