LOGBOOK

HELP

Quiz Entry - updated: 2026.06.23

What is the purpose of comparing a "current state" against a "desired state" for each security measure?

The gap between where a control is today (current) and where it needs to be (desired) is exactly the work the improvement roadmap must fund — it makes the investment case concrete and prioritizable.

For each measure (segmentation, access management, XDR monitoring, incident response) you rate where you stand now and where you want to be. The size of each gap, weighted by the impact and likelihood of the threats it addresses, tells you what to do first. WHY this matters: a roadmap built on gaps tied to real threats and assets is risk-based and defensible. Without the current-vs-desired comparison, "improvement" is just a wish list with no priority and no way to show progress.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jun 23, 2026