Information security audit teams assess compliance with information security requirements and identify strengths, weaknesses, opportunities, and threats $($SWOT$).$ Formal standards or frameworks such as$,$ but not limited to$,$ ISO$27001,$ ISO$22301,$ GDPR$,$ and NIST can be used to support formal security gap analysis.

Working as a team, select a formal standard. Construct a gap analysis matrix that captures the top $10$ information security requirements. The matrix should, at a minimum, include the following:

Columns for the critical level of the requirement

Level of compliance

Responsible organization

Findings

Recommendations

Assume $5$ of the $10$ requirements do not meet the compliance criteria.

Hypothesize the responsible accountable organization, findings, and recommendations for the noncompliant requirements.