How to Conduct a Cybersecurity Gap Analysis: A Step-by-Step Guide
Cyber threats are constantly evolving, and many organizations—especially in public safety and critical infrastructure—struggle to keep pace. A cybersecurity gap analysis is a strategic approach to assess where your organization stands compared to where it should be in terms of cyber readiness.
In this guide, we’ll walk you through the essential steps to conduct a cybersecurity gap analysis using proven frameworks and practical methods. This information is especially vital for public safety agencies, emergency communications centers (ECCs/PSAPs), and local governments looking to safeguard operations and ensure compliance.
Want to go deeper? Download the full eBook version of this guide for an in-depth look at real-world examples and remediation checklists.
Download Now
What Is a Cybersecurity Gap Analysis?
A cybersecurity gap analysis compares your current cybersecurity posture to established standards, identifying where your defenses fall short. It helps organizations understand weaknesses in technology, policy, and process that could be exploited by cyber threat actors.
Whether you’re trying to meet NIST Cybersecurity Framework requirements or ensure CJIS compliance, a gap analysis is the first step to strengthening your security foundation.
Step-by-Step: How to Perform a Cybersecurity Gap Analysis
Step 1: Choose a Framework to Guide Your Analysis
Start by selecting a well-established cybersecurity framework to serve as your benchmark. Common options include:
- NIST Cybersecurity Framework 2.0: Built around five core functions—Identify, Protect, Detect, Respond, and Recover.
- ISO/IEC 27001: Focuses on information security management systems.
- CJIS Security Policy: Essential for agencies handling Criminal Justice Information (CJI).
- Get a detailed, easy to read breakdown on new CJI cybersecurity standards and recommended steps to take to help meet compliance with new standards.
- MITRE ATT&CK Framework: A threat intelligence model based on real-world tactics and techniques.
Each framework offers different advantages. Choose one that aligns with your regulatory obligations and operational needs.
Step 2: Gather Relevant Data
Effective analysis depends on comprehensive data collection. Gather the following:
- Policies and Procedures: Existing documentation on security policies and controls
- Technical Infrastructure: Network maps, configurations, system inventories
- Security Logs: Firewall, IDS/IPS, antivirus, and SIEM data
- Previous Assessments: Audit reports, , and penetration tests
This data will form the baseline for comparing your current state with the desired standard.
Step 3: Evaluate People and Processes
Cybersecurity isn’t just about tools—it’s about people and procedures.
- : Evaluate staff awareness and responsibilities in security protocols.
- Process Evaluation: Review how your team handles:
- System and network security
- Integration with physical security systems
- Incident response plans and escalation paths
Are staff roles clearly defined during an incident? Are protocols documented and tested regularly?
Step 4: Perform the Gap Analysis
Compare your collected data to your chosen framework. Look for areas where you do not meet requirements.
Common gaps include:
- Outdated or missing incident response plans
- Inconsistent or missing security logs
- Lack of encryption or access control
- Gaps in staff training and awareness
- Insufficient backup or redundancy planning
Identify the gaps that present the highest risk to your operations and community.
Step 5: Prioritize and Mitigate Gaps
Not all gaps pose equal risk. Prioritize them based on:
- Likelihood of exploitation
- Potential operational impact
- Sensitivity of affected data or systems (i.e. CJIS data)
Then, build a mitigation plan. This might include:
Example: Gap Analysis in Action
Current State
Your ECC has an outdated cyber incident response plan. It hasn’t been tested in over two years, and staff are unsure of their responsibilities during a breach.
Framework Comparison
The NIST CSF “Respond” function emphasizes the need for well-defined, tested incident response plans.
Identified Gaps
- Incomplete response procedures
- Untrained staff
- No testing schedule
Remediation Plan
- Update and expand the incident response plan
- Conduct annual tabletop and live testing
- Train staff on roles and response protocols
This approach ensures readiness and minimizes downtime when cyber incidents occur.
All organizations, especially in the public safety sector, including 911 centers and ECCs, need a cybersecurity partner that has the tools, experience and expertise protecting critical networks and systems to help them identify security gaps and actively address and remediate them together.
A cybersecurity gap analysis is the first step toward a safer, more resilient infrastructure. Whether you’re a 911 center director, city IT administrator, or critical infrastructure operator, understanding your vulnerabilities is the key to stronger defenses.
The human element continues to be the most vulnerable area exploited by cyber criminals that creates gaps in network security.
Don’t wait for a cyber incident to reveal your vulnerabilities. Partner with SecuLore today to uncover hidden risks in your network and take immediate steps to close those gaps. From expert-led vulnerability assessments and targeted cyber awareness training to 24/7 network monitoring—SecuLore gives you the visibility, guidance, and tools to strengthen your defenses before threats strike.
Let’s build a safer, more resilient operation—together.
Contents
Other Resources
- Securing Public Safety: Navigating the Cybersecurity RFP Process
- How to Conduct a Cybersecurity Gap Analysis: A Step-by-Step Guide
- Hollywood vs. Reality: What Netflix’s “Zero Day” Gets Wrong About Cyber Threats to 911 and Government Systems
- Why Even the Best EDRs Get Hacked
- Zero Day: TV Myths vs. Reality – Unpacking Cyber Threats to Public Safety and Government
