Cybersecurity Capstone Project
Unit 3
IT Security Policy Framework Gap
Analysis
© ITT Educational Services, Inc. All rights reserved.
Learning Objective and Key Concepts
Learning Objective
Plan and perform a security compliance gap analysis
Key Concepts
Information technology (IT) security policy
Security controls
Compliance requirements
Gap analysis
IS4799 Information Systems and Cybersecurity Capstone Project
© ITT Educational Services, Inc. All rights reserved.
Page 2
EXPLORE: CONCEPTS
Compliance and Governance Requirements
Requirements
• Compliance
• Governance
Identify the requirements that apply; they are specific to the type of organization:
• Organizations that handle payment cards must comply with the Payment Card Industry Data Security Standard (PCI DSS).
• Organizations that handle personal medical records must comply with the Health Insurance Portability and Accountability Act (HIPAA).
Align Requirements
Align the requirements to the client’s policy framework: associate each existing policy with the requirements it addresses.
Include descriptions of the proposed changes wherever a requirement is not fully covered.
Alignment Process
• Identify requirements.
• Review existing policy.
• Associate requirements to policy.
Review Policy Components
Policy: Rules that fulfill security objectives
Standards: General requirements everyone must meet
Guidelines: Best practices for specific contexts
Procedures: Step-by-step instructions for carrying out tasks