A system may identify resources such as applications or network locations that are not adequately covered by an enterprise's security policy to notify a network administrator of such deficiencies. An exemplary security policy may allow or deny access to individual functional resources (e.g. computing devices and/or applications) or groups of functional resources to individual data resources (e.g. enterprise network storage locations and/or enterprise data) or groups of data resources. The system may monitor enterprise network activity to identify when a security policy fails to define permissions corresponding to the use of particular resources. In response to identifying such gaps in the security policy, the system may enter policy enforcement event information into a policy learning log. The system may further generate a policy gap notification and transmit this notification to a policy management service to prompt a network administrator to take remedial action if appropriate.