Information security audit teams assess compliance with information security requirements and identify strengths, weaknesses, opportunities, and threats (SWOT). Formal standards or frameworks such as, ISO22301.

Construct a gap analysis matrix that captures the top 10 information security requirements. The matrix should, at a minimum, include the following:

· Columns for the critical level of the requirement

· Level of compliance

· Responsible organization

· Findings

· Recommendations

Assume 5 of the 10 requirements do not meet the compliance criteria.

Hypothesize the responsible accountable organization, findings, and recommendations for the non-compliant requirements.