If you need to meet a business or developmental goal, performing a gap analysis is a great way to illuminate how to reach that goal. After reading this blog, you’ll know what gap analysis is and how to conduct it—plus you’ll be armed with a ready-to-go template to help you get started.

What is gap analysis?

Gap analysis is simply the process of examining a current state, comparing it against a desired future state, and then determining the best way to get to that future state. So, the “gap” just refers to the difference between the two states. No alphabet soup with this term!

This process has applications across all business practices, and you can even use it for personal growth. One IT-specific example is compliance. When GDPR was passed, many organizations had to figure out what their current processes were and compare them against GDPR regulations. The future state in this instance was being fully GDPR-compliant. Then those organizations figured out what processes they had to add or change to meet that future state.

Why is gap analysis important?

We may often have a vague idea of what we want to achieve, but waste resources trying different things that may or may not be effective.

In this case, not only do we fail to meet our goals, but we’ve lost time, money, and productivity. Obviously this is not ideal, especially in the fast-paced environment of IT.

Gap analysis is great because it helps you focus and find clarity. The process involves defining a clear goal, analyzing what you’re doing now against what you want to achieve, brainstorming different solutions, and then narrowing down those solutions to the most effective one. In other words, it’s a great process for developing a roadmap and figuring out how to prioritize your resources strategically.

How to perform gap analysis, step-by-step

Performing a gap analysis is not complicated. But before you get started, be prepared to document. Open a word processor or grab a pen and paper. Or you can download the template I’ll be using and follow along.



Step 1: Define the goal

The goal is the foundation for the rest of this exercise. It can be quantitative or qualitative, but it should align with the overarching business strategy or with your team’s improvement objectives.

For example, let’s say that you want to reduce your SecOps team’s Mean Time To Respond (MTTR). Write down that goal at the top of your doc so that you maintain focus on that goal only.

[Image: Goal - reduce SecOps MTTR]

Step 2: Gather data about your current state

Now that you’ve established your goal, use it as a lens to define your current state. This is where you’ll do some research. Depending on your goal, you could research by:

  • Reading your organization’s documentation of a process
  • Interviewing the people involved
  • Observing workflows, processes, etc.

Let’s say that by reading documentation on past threat investigations, you found your MTTR to average about five hours. And by interviewing members of the SecOps team, you also found out that they’re frustrated because it takes a long time to sift through alerts and logs from disparate sources, many of which turn out to be false positives.

In your document, create a column labeled “Current State” and write down your findings.

[Image: Gap analysis current state]

Step 3: Describe your desired future state

Next, create a column labeled “Future State” and describe the desired future state. Again, this can be defined with either quantitative or qualitative metrics.

In our example, let’s say you want MTTR to average one hour. You also want the SecOps team’s workflow to be streamlined, thereby reducing each team member’s workload.

[Image: Gap analysis future state]

Step 4: Analyze the gap

Here begins the “analysis” part of “gap analysis.” Look at what you’ve defined for your current and future states, then identify the differences. Specifically, what is the gap, and what is causing the gap?

In our example, you found that it takes a long time for SecOps to determine which alerts are signaling real issues. Jumping between disparate solutions and sources is inefficient, and there’s too much data for your current SecOps team to handle. And, of course, you’ll need to reduce MTTR by 80% to meet your future state.

Create a column labeled “Gap Description” and write down your observations.

[Image: Gap analysis template - gap description]

This is also a good point to think about how you’ll baseline and measure your progress. This example is quantitative, so we could simply check the average MTTR every month after implementing a new solution. For a more qualitative goal, you could use surveys or conduct interviews a few months after implementation.

Step 5: Brainstorm solutions

Finally, create a column labeled “Possible Next Steps” and write down possible ways to close the gap between your current and future states. Don’t worry too much about the effectiveness of each solution you come up with—we’ll analyze them in the next step.

For our example, we might list solutions like:

  • Hiring more SecOps team members
  • Aggregating all the data in one place
  • Switching from logs to NetFlow data
  • Creating stricter alerting policies

[Image: Gap analysis template - possible next steps]

Step 6: Narrow down the solutions

You may want to start a new page for this part of the gap analysis (but keep the page we just completed handy). In this final step, you’ll figure out the pros and cons of each solution you brainstormed in the previous step. Remember that you’re filtering these solutions through the lens of the goal you defined in step 1. Once you’ve evaluated each solution, use the goal to weigh each pro and con.

Here are a few more things to consider:

  • Budget
  • Risks
  • Capability of implementing the solution (how hard will it be to do?)
  • Benefit timing (how long before you’ll see the benefit of this solution?)
  • Other perks (what else can this solution offer the organization?)

I also recommend only listing what each solution would do, and not what they would not do. I find that listing things a solution wouldn’t do muddies the analysis.

Let’s do a couple with our example: “create stricter alerting policies” and “switch to NetFlow data.” The pros of stricter alerting policies might be that they’re likely to cut down on false positives, and there’s little to no upfront cost. On the other hand, some cons might be that they may have no effect, or may cut true positives unintentionally.

Now let’s consider switching to NetFlow data. Some pros might be that it’s relatively inexpensive, offers benefits beyond threat investigation, and would make it easier to figure out where to start investigations. One con could be that your team would have to learn a new solution.

Keep going for each solution you listed in step 5.

[Image: Solution pros and cons]

And done!

Congrats, you’ve just performed a gap analysis! You now have a list of analyzed solutions that would help accomplish your goal. From here, you can narrow down the list to one solution or present each one with its pros and cons to your director.

By the way, you may find that it’s a combination of solutions that will best help you close the gap between your current and future states. But try to eliminate any solutions that will have a low impact.

A framework for weighing pros and cons

If you’re having trouble narrowing down solutions, try plotting each one on an impact/effort graph. Draw a vertical line with “easy” at the top and “hard” at the bottom. Then draw a horizontal line through the middle with “high impact” on the right and “low impact” on the left. Like so:

[Image: impact-effort graph]

Back to our example, we might put “switch to NetFlow data” at +2, +4—fairly easy and with a high impact. This puts it solidly in the green “quick wins” quadrant in the image above. We might put “create stricter alerting policies” at +4, -4—very easy, but not impactful at all. That lands it in the yellow “busy work” quadrant, which means we’d probably not implement that solution.

A high-impact, but difficult solution will likely be a major project. It’s worth considering, but requires more planning. You should run far away from any solution that is both hard to implement and inconsequential.

Final thoughts and a gap analysis template

Performing a gap analysis is a great way to look objectively at your current situation and figure out the best way to meet your goal. As we’ve seen, it’s a straightforward process that anyone can benefit from doing.

To use the same template in your own gap analysis, subscribe to our blog below.



Alienor

Alienor is a technical writer at Plixer. She especially enjoys writing about the latest infosec news and creating guides and tips that readers can use to keep their information safe. When she’s not writing, Alienor spends her time cooking Japanese cuisine, watching movies, and playing Monster Hunter.