A business system is a set of interconnected processes, functions, or activities that support the operations and objectives of a business1. A security gap is a weakness or flaw in a business system that can be exploited by a threat to cause harm or gain unauthorized access2. A control is a measure or mechanism that reduces the likelihood or impact of a security gap or threat3.
The best way to determine whether new controls mitigate security gaps in a business system is to perform a vulnerability assessment. A vulnerability assessment is a process of identifying and evaluating the security gaps and threats in a business system, and testing the effectiveness and efficiency of the controls that are implemented to address them. A vulnerability assessment can help to:
Measure and compare the current and desired state of the security posture and performance of the business system
Detect and prioritize the most critical and urgent security gaps and threats that may compromise the business system or its objectives
Validate and validate the adequacy and reliability of the new controls and their ability to prevent, detect, or respond to security incidents or breaches
Provide feedback and recommendations for improving the security of the business system and enhancing the security awareness and culture of the organization
References = What is a Business System?, What is a Security Gap?, What is a Control?, [What is a Vulnerability Assessment?], [Vulnerability Assessment: A Guide for Business Leaders]
Submit