Gap Assessments to evaluate cyber security risk

Let us benchmark your organisation's cyber security against your preferred framework. We'll identify gaps in your defence and provide recommendations on how to plug these gaps.

Let our Cyber Security Specialists help

We provide Gap Assessments against the following cyber security frameworks:

"The MyEmpire Group team’s technical understanding of Essential 8 and ability to cut through all the techno-speak and explain things to us in layman's terms made the process so much more streamlined."
Lisa Saunders
Group Executive – Governance Risk & Compliance, REI Superannuation

A cyber security Gap Assessment involves evaluating your organisation to assess whether the needed controls are in place and being implemented to align to your chosen standard.

A Gap Assessment can support your organisation in achieving compliance with any of the cyber security frameworks listed above.

As well as helping your organisation to meet a standard, which can open up new business opportunities, comparing your organisation’s current cyber security position to best practice industry standards gives you valuable insights on weaknesses or gaps in your defence. It allows you to clearly see how good your cyber security measures are and what additional measures are needed to fill these security gaps.

A Gap Assessment against a specific cyber security framework also gives you an understanding of the work and timeframes involved in complying with or aligning to standards.

How we perform a typical Gap Assessment

1. Identify the relevant cyber security framework

First, we’ll establish which cyber security framework you want to align your organisation to, for instance ISO 27001, NIST, Essential 8 etc.

2. Critical assets, people and processes

Next, we’ll understand your critical assets to gain context on the business and the security controls implemented. This involves talking to the key people responsible for cyber security, but also often management, HR, procurement etc. We’ll also analyse your current systems, documentation and security policies.

3. Gap Assessment

In the next stage, we’ll conduct the Gap Assessment itself, where our cyber security specialists do a deep-dive review to see how you measure up to the certification/framework you’ve chosen to align to.

4. Reporting and Roadmap


We consolidate the findings of this review in a formal report. The report includes recommendations on security controls, processes and the people required to improve your cyber security. We’ll also provide a roadmap that indicates timeframes, priorities and where focus and investment need to be made in order to fill these gaps.

"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness

What is the difference between a Risk Assessment and Gap Assessment?

A Risk Assessment in cyber security aims to highlight areas where your organisation is most vulnerable to cyber attacks. This includes threats to your operations, information systems or data. The assessment helps organisations identify security risks, the likelihood of these risks occurring, and the impact of these risks if they were to occur. 

A Gap Assessment focuses on finding gaps in alignment to a specific cyber security framework. It involves choosing a cyber security framework and assessing whether the needed controls are in place and being utilised to meet the requirements of this framework. 

Ready to mature your cyber security?