Security Awareness Program Assessment


Our Security Awareness Program Assessment evaluates training and communications to identify areas for improvement.

The foundation of the assessment is ‘NIST 800-50, Building an Information Technology Security Awareness and Training Program’. Remaining practices have been developed by Gideon Rasmussen based on 20+ years of cybersecurity experience within corporate and military organizations.

Areas of focus include:

  • Awareness Materials
  • Comprehension
  • Communications Routines
  • Content Coverage
  • Effectiveness
  • Evaluation and Feedback
  • Funding
  • Metrics
  • Quality Assurance
  • Training and Testing
Assessment activities consist of: [1] documentation and artifact review, [2] evaluation of awareness content and online training and [3] interviews with the Security Awareness Program Manager. The assessment is conducted by phone and screen share.

Deliverables include an assessment report and a slide deck presented to executive leadership.

Fees and Payment

The assessment is billed at a flat rate. The engagement begins once the Statement of Work and Contract are signed and upon receipt of the first of three equal payments.

Phase Milestone Amount
1 SOW and Contract Execution 1/3 payment
2 First Assessment Interview 1/3 payment
3 Delivery of Draft Report 1/3 payment

Next Steps

Each engagement can be customized to meet the needs of the client. The first step in the process is to have a conference call to discuss requirements.


"We contracted Gideon to perform an in-depth, independent assessment of our information security awareness program, which includes training, phishing exercises and cyber exercises. Gideon leveraged the NIST Cyber Security Framework and the Homeland Security Exercise and Evaluation Program (HSEEP) guidance to assess the programs. Gideon’s detailed, in-depth and comprehensive report has empowered our program to successfully challenge existing roadblocks and tackle several low-effort, but high-reward improvements. Gideon is personable and very experienced; he has been wonderful to work with and enriched our programs through his efforts. I highly recommend his work.”
- Security Awareness Manager at a Financial Institution

"We engaged Virtual CSO to review our security awareness program and provide an assessment for areas of improvement. Virtual CSO delivered a comprehensive analysis based on a combination of experience, NIST standards interpretation and research. We were very pleased with the outcome as it provides a roadmap of future enhancements that will ensure our awareness program remains an excellent offering and continues to protect our organization."

Assessment Options

Custom assessments may be conducted based on the needs of the client. Here are examples:

This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each assessment engagement.