Gap analysis

Reporting tools for the company's work with cyber security

A gap analysis maps the differences between the current state of cybersecurity and the expectations set by a particular standard, framework, or laws and regulations. In collaboration with the customer, we agree in advance on what to measure gaps against, so that the analysis creates the most value for the customer. Gaps can be measured against, among other things:

  • Digital Security Act (NIS2 Directive)
  • Digital Operational Resilience Act (DORA)
  • Act on National Security (Security Act)
  • ISO 27001
  • NSM Basic Principles for ICT Security

A gap analysis is a useful tool for working towards compliance with regulations, laws and rules. It can also be used as a reporting tool for the board of directors and senior management, and provide insight into the company's work with cyber security. Measures to close the identified gaps will be presented and can be prioritized based on the company's risk acceptance.

Our delivery model

Netsecurity's advisors use a combination of interviews and documentation review to describe the gap the business is facing. The gap analysis is delivered as a report that conveys the identified gap in a simple way, along with measures that help to close it.

1. Getting started

Inform about the gap analysis, select relevant framework, define scope and plan for implementation

2. Mapping

Collect relevant documentation, conduct interviews and workshops with key people and professional roles

3. Analysis

Assess the status based on the information gathered against the chosen framework or legislation

4. Prepare a report

Describe the current situation and identify areas that require action for compliance with the chosen framework or legislation

5. Presentation

Present the analysis and conclusions, anchor measures, deliver final report and recommend further process

Related services from strategic consulting

Vulnerability scanning

Phishing response

Strategic advice