Information Security Assessments
A security risk analysis (or assessment) is an objective analysis of the effectiveness of the current security controls that protect an organization's assets and a determination of the probability of losses to those assets.
Information Security Regulation Gap Assessments
A gap assessment is a comparison between current controls and required controls. A gap assessment differs from a risk assessment in that the analysis of the impact of found gaps is not required in a gap assessment.