Next, gauge and evaluate your organizations current state of security and
protection protocols and mechanisms. Identify gaps, challenges
and opportunities for improvement by conducting a thorough audit making sure to:
1.Identify the industry specific cyber law in relation to inquiries and incidents.
2.Assess the critical information infrastructure. Determine the configuration of doors, windows, logical controls, data storage and encryption, firewalls, servers, routers, switches,hubs, and so forth to be compliant.
3.Identify key vulnerabilities points and strengths. Show compliance using a test case (pass/fail requirement). Demonstrate an actual compliance test of server, workstation, etc. that indicates what passes or what doesn’t.
4.Indicate the legal elements and liability (costs) that the organization may

encounter for non-compliance. Place your findings in a report that

will be reviewed by the CIO and System Security Authority (SSA).