Our Security Awareness Program Assessment evaluates training and communications to identify areas for improvement.
The foundation of the assessment is ‘NIST 800-50, Building an Information Technology Security Awareness and Training Program’. Remaining practices have been developed by Gideon Rasmussen based on 20+ years of cybersecurity experience within corporate and military organizations.
Areas of focus include:
Deliverables include an assessment report and a slide deck presented to executive leadership.
Fees and Payment
The assessment is billed at a flat rate. The engagement begins once the Statement of Work and Contract are signed and the first of three equal payments is received.
SOW and Contract Execution
First Assessment Interview
Delivery of Draft Report
- Security Awareness Manager at a Financial Institution
"We engaged Virtual CSO to review our security awareness program and provide an assessment for areas of improvement. Virtual CSO delivered a comprehensive analysis based on a combination of experience, NIST standards interpretation and research. We were very pleased with the outcome as it provides a roadmap of future enhancements that will ensure our awareness program remains an excellent offering and continues to protect our organization."
Custom assessments may be conducted based on the needs of the client. Here are examples:
Vendors and Service Providers
Business Process Risk
Line of Business Risk
FMEA Process Risk
Security Operations Center (SOC)
Security Awareness Program
Mergers and Acquisitions
Zero Trust Security Model
Threat Landscape and Controls
Cyber Exercise Program
Penetration Test Program
Agile Security Testing
This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each assessment engagement.