APPENDIX 1: GAP ANALYSIS AREAS OF INTEREST

Area of Interest

Sample documentation

Cybersecurity Planning

Information security policies

 

Organization mission statement

 

Organization roles and responsibilities

 

IT and security organization chart

 

Most current risk assessment

 

Most recent cybersecurity assessments

Incident Response

Incident response plan, processes, and procedures

 

Procedures for incident monitoring and reporting

Risk Management

Cybersecurity risk management plan

 

Vulnerability management plan

Vendor Management

Polices regarding vendor selection, monitoring, cybersecurity responsibilities

 

Service level agreements (SLA)

Network Operations

System security engineering standards and policies

Get CyberWar, CyberTerror, CyberCrime and CyberActivism, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.