HIDE Consultants can assist organizations to determine their status vis-à-vis industry standards and frameworks (e.g., ISO, NCA, SAMA, STAR etc.). The exercise will benchmark against popular and regulatory standards and provide you with your gaps across different domains, and what needs to be done to close or mitigate the gap. This service is very beneficial to a customer prior to certification audits and the like. At the very least, Organizations will have an understanding as to where they stand and their Maturity level with respect to the relevant standards and frameworks. And most critically, what is required to enhance their posture to meet requirements.
HIDE Consultants will use as inputs your Organization’s Vision, Mission and Business and Enterprise level Strategy. Careful selection of the relevant standards and frameworks is critical to ensuring the success of the Gap Analysis. Prior to commencing the Gap Analysis, HIDE Consultants will build a Domains framework toolkit that will contain all the relevant domains from the respective standards that are to be benchmarked against.
As an example, the domains included are Governance & Compliance; Security Architecture; Risk Management; Training & Awareness; Endpoint Security; Application Security and Defense & Intelligence. The toolkit will then be the property of your organization and you could use it periodically to do your own assessments. The gaps against each control in each domain are then assessed and in addition, as a value add, the HIDE Consultant will provide your organization with a ‘Maturity Level’ for each control. This will provide critical insight into where you stand and what needs to be done to enhance the maturity level.
HIDE Consultants will use a combined approach of Meetings with relevant stakeholders, organizational documentation review and analysis and Observations of controls operation to assess the Gap. Finally, a report is produced that contains an Executive Summary and a Detailed technical section comprising the gaps, the recommendations to close the gap, maturity levels and the owner within your organization who is responsible to close the Gap.