APPENDIX 1: GAP ANALYSIS AREAS OF INTEREST
Area of Interest |
Sample documentation |
Cybersecurity Planning |
Information security policies |
Organization mission statement |
|
Organization roles and responsibilities |
|
IT and security organization chart |
|
Most current risk assessment |
|
Most recent cybersecurity assessments |
|
Incident Response |
Incident response plan, processes, and procedures |
Procedures for incident monitoring and reporting |
|
Risk Management |
Cybersecurity risk management plan |
Vulnerability management plan |
|
Vendor Management |
Polices regarding vendor selection, monitoring, cybersecurity responsibilities |
Service level agreements (SLA) |
|
Network Operations |
System security engineering standards and policies |
Get CyberWar, CyberTerror, CyberCrime and CyberActivism, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.