Information security audit teams assess compliance with information security requirements and identify strengths, weaknesses, opportunities, and threats (SWOT).
Formal standards or frameworks such as, but not limited to, ISO27001, ISO22301, GDPR, and NIST can be used to support formal security gap analysis.
Choose one and determine the top 10 information security requirements.