Capturing the current state
Now that we have performed our assessment, it is time to determine our current state. Your current state is a culmination of the overall scores that were generated by the assessment, and any deficiencies that were discovered when reviewing any of the documentation.
As depicted in Table 11.1, we should have scores for all of the categories and subcategories that we based our assessment on. These scores include not only the technical controls but also the administrative controls. Technical controls are what we most likely think of when we think of a control. These are the firewalls, routers, servers, and any other physical equipment that we think of.
Administrative controls are those that we tend to not think of. These are the policies that need to be written to back up what we are doing for technical controls. We also need to include architectural drawings in addition to other documentation about the IT resource or process we are trying to implement...
