Scenario 2 Euro Tech Solutions Is a leading technology company operating in Europe that specializes
In providing Innovative IT solutions With a strong reputation for reliability and excellence. EuroTech
Solutions offers a range of services, including software development, cloud computing, and IT
consulting. The company is dedicated to delivering cutting - edge technology solutions that drive
digital transformation and enhance operational efficiency for its clients.
Recently, the company was subject to a cyberattack that significantly impeded its operations and
negatively impacted Its reputation. The cyberattack resulted in a major data breach, where the
customers' data and sensitive Information ware leaked. As such, EuroTech Solutions identified the
need to improve its cybersecurity measures and decided 1o implement o comprehensive
cybersecurity program.
EuroTech Solutions decided to use ISO.'I EC 27032 and the NIST Cybersecurity Framework as
references and incorporate their principles and recommendations into its cybersecurity program. The
company decided to rapidly implement the cybersecurity program by adhering to the guidelines of
these two standards, and proceed with continual improvement (hereafter.
Initially, the company conducted a comprehensive analysis of its strengths, weaknesses,
opportunities, and threats to evaluate its cybersecurity measures. This analysis helped the company
to identify the desired stale of its cybersecurity controls. Then, it identified the processes and
cybersecurity controls that are in place, and conducted a gap analysis to effectively determine the
gap between the desired state and current state of the cybersecurity controls. The cybersecurity
program included business and IT - related functions and was separated into three phases
1. Cybersecurity program and governance
2. Security operations and incident response
3. Testing, monitoring, and improvement
With this program, the company aimed to strengthen the resilience of the digital infrastructure
through advanced threat detection, real time monitoring, and proactive incident response.
Additionally, it decided to droit a comprehensive and clear cybersecurity policy as part of its overall
cybersecurity program The drafting process involved conducting a thorough research and analysis of
existing cybersecurity frameworks Once the initial draft was prepared, the policy was reviewed, and
then approved by senior management. After finalizing the cybersecurity policy, EuroTech Solutions
took a proactive approach to its initial publication. The policy was communicated to all employees
through various channels, including internal communications, employee training sessions, and the
company's intranet network.
Based on the scenario above, answer the following question
Did EuroTech Solutions follow the sequence of steps appropriately when It conducted the gap
analysis?