CISO: One of the most critical aspects of managing a companys security program is understanding its risk exposure and any inconsistencies in security control coverage. As a CIO and CISO, I have used this tool to establish a risk baseline for my security and risk management programs. It is important to understand that executive leadership should champion gap analysis efforts and the resulting report. The process to conduct gap analysis covers numerous stages and will be different for each organization due to business operations and compliance requirements.”]
Source: https://www.csoonline.com/article/3300107/do-you-know-your-gap.html