Understand what you have and what you need next.

A WaveGard Policy Gap Analysis project provides our clients with a structured mentoring process for commencing the design of a new security policy framework or evaluating an existing framework. Clients who choose the Gap Analysis ultimately benefit from an understanding of the positive components within their security policy framework as well as deficiencies that must be addressed. The process directly incorporates regulatory compliance topics and technical controls to define the initial security posture for the organization. The review result is a clearly written deliverable that identifies critical findings, recommended next steps, and areas that should be considered for further review.

A Policy Gap Analysis project often includes the following steps:

• Understand the existing environment and define the goals of the security program
• Review existing policies, procedures & standards
• Explore the existing security framework, if any
• Identify the regulatory considerations. SOX, HIPAA, GLBA, FISMA (C&A), PCI, or others
• Identify a standardized approach against which the program can be mapped such as ISO, COBIT, & NIST
• Analyze the information in aggregate to identify areas of compliance or weakness
• Succinctly document the findings, including recommended next steps

The Gap Analysis process is often used by our clients as a way of creating a baseline for their existing environment and for creating a roadmap for future security activities such as the creation of a robust security program. If you need help building or improving your security program, consider WaveGard's Security Program Design services.