Information security audit teams assess compliance with information security requirements against formal standards or frameworks such as ISO 22301, and identify strengths, weaknesses, opportunities, and threats (SWOT).
Construct a gap analysis matrix that captures the top 10 information security requirements. The matrix should, at a minimum, include columns for the following:
· Critical level of the requirement
· Level of compliance
· Responsible organization
Assume 5 of the 10 requirements do not meet the compliance criteria.
Hypothesize the responsible/accountable organization, findings, and recommendations for the non-compliant requirements.