Ask The Security UK Expert: Questions & Answers

Getting the most out of the gap analysis process

EXPERT RESPONSE FROM: Neil O'Connor

QUESTION POSED ON: 10 January 2010
I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?


The main thing to ensure in any compliance gap analysis is that the scope is understood by both you, the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

  • The relevant stakeholders for the analysis.
  • The systems, people and processes that are going to be included in the review.
  • The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.


All Rights Reserved, Copyright 2008 - 2010, TechTarget