Episode 44 — Run gap and SWOT reviews to target improvements precisely
To target security improvements with precision, a leader must master the use of gap analysis and SWOT reviews (Strengths, Weaknesses, Opportunities, and Threats). This session teaches you how to conduct a SWOT review to identify internal factors that help or hinder your security goals and external factors that could impact the business mission. We define a gap review as the comparison of your current state against a desired future state or an industry standard like NIST CSF. For the GSTRT exam, candidates should know how to prioritize improvements based on the "size of the gap" and the potential impact on the organization's risk profile. Examples include identifying a weakness in employee awareness as a high-priority gap because it increases the likelihood of a successful phishing attack. Best practices involve engaging cross-functional stakeholders in these reviews to ensure a holistic view of the organizational landscape. By running precise reviews, you ensure that your security investments are focused on the areas that provide the greatest return on risk reduction. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
