What process reviews control objectives for an organization, system, or service to determine if controls do not meet the control objectives?

A gap analysis is used to determine whether controls meet control objectives for a service, an organization, or a system. Penetration tests simulate an attacker trying to gain access or breach systems and other controls. Boolean analysis is not a security term, and risk analysis is done as part of risk assessment.