
Control gap

The distance between intended security policy and real operational protection.

A control gap is the distance between the security an organization intends to have and the protection it actually operates. It appears when policies, procedures, technical tools, or staff behavior do not fully match the stated security requirements.

In cyber security, control gaps matter because attackers exploit the difference between “on paper” defenses and real-world execution. For example, a company may require multi-factor authentication, but if it is not enforced on all accounts, a stolen password can still lead to compromise. Similar gaps can exist in patching, logging, access reviews, incident response, or backup testing. Defenders look for control gaps by comparing policy to configuration, validating controls through audits and testing, and measuring whether security outcomes match the standard. Closing these gaps reduces exposure and makes compliance, resilience, and insurance expectations more likely to align.
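Comparing policy to configuration, using the multi-factor authentication case above, can look like the following. This is an added example, not part of the original entry; the account export, its column names and the policy dictionary are constructed assumptions, as is the rule that disabled accounts are out of scope.

```python
import csv
import io

# Constructed sample export of an identity provider's account list (not real data).
ACCOUNTS_CSV = """\
account,type,enabled,mfa_enrolled,mfa_enforced
alice,user,true,true,true
bob,user,true,true,false
carol,user,true,false,false
svc-backup,service,true,false,false
dave,user,false,false,false
admin-legacy,admin,true,false,false
"""

# Assumed written policy: MFA is enforced on every enabled account, no exemptions.
POLICY = {"mfa_required_types": {"user", "admin", "service"}, "exempt": set()}


def find_mfa_gaps(csv_text, policy):
    """Return (coverage, gaps): gaps lists accounts the policy covers
    but whose configuration does not enforce MFA."""
    in_scope, gaps = 0, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"] != "true":
            continue  # assumption: disabled accounts cannot sign in, so out of scope
        if row["type"] not in policy["mfa_required_types"]:
            continue
        if row["account"] in policy["exempt"]:
            continue
        in_scope += 1
        if row["mfa_enforced"] != "true":
            # Enrolled-but-not-enforced still permits password-only sign-in.
            enrolled = row["mfa_enrolled"] == "true"
            reason = "enrolled, not enforced" if enrolled else "not enrolled"
            gaps.append((row["account"], row["type"], reason))
    # Coverage is the measured outcome to compare against the policy's 100%.
    coverage = (in_scope - len(gaps)) / in_scope if in_scope else 1.0
    return coverage, gaps


if __name__ == "__main__":
    coverage, gaps = find_mfa_gaps(ACCOUNTS_CSV, POLICY)
    print(f"MFA enforcement coverage: {coverage:.0%} (policy requires 100%)")
    for account, kind, reason in gaps:
        print(f"GAP {account} ({kind}): {reason}")
```

The same pattern applies to the other controls the entry lists: express the requirement as data, export the real configuration, and report every in-scope item that does not match.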
