5.Gap Analysis

RM Studio’s Gap Analysis is an assessment that lets users determine the state of the organization’s compliance with a standard (ISO/IEC 27001), regulation (EU GDPR), or control framework (NIST SP 800-53.r4). The Gap Analysis is best used to establish the organization’s current baseline, its starting point in terms of meeting the specific requirements of a standard or regulation. Users should also use the Gap Analysis to establish which mitigating controls are necessary, which are not applicable to the organization, and which have already been implemented successfully.

Essentially, the Gap Analysis answers two questions:

  • Where are we now in regards to compliance?
  • What do we need to do to achieve compliance?

For ISO/IEC 27001:2013, users need to use the Gap Analysis for the requirements as well as for the Annex A control set (ISO/IEC 27002:2013). Users can execute one gap for the requirements (ISO 27001) and a second gap for the control implementation guidance (ISO 27002). A single gap covering both ISO 27001 and ISO 27002 can also be created and analyzed, but only the controls (ISO 27002) will be applied to the Risk Treatment.

5.1.How to: Gap Analysis

5.2.Reporting

 
