Strategic Program Security Assessment (SPSA)

The Strategic Program Security Assessment (SPSA) is an approach to managing and maturing our customer’s security programs and achieving measurable results that improve their overall security posture.

 A cost effective, innovative approach with measurable results.

A Strategic Program Security Assessment should be a part of any company’s security program. The assessment measures your program against industry standards and best practices and identifies and prioritizing risks, vulnerabilities and threats.


Understand your overall state of cybersecurity readiness


Gain visibility into existing gaps and prioritize risks


Inform decision making and plan future investments


Improve program maturity in accordance with industry standards


Protect against cybersecurity threats and reduce response times

The Focus

The Strategic Program Security Assessment is designed to improve overall security posture with a cost-effective and innovative assessment approach.



Assessment of the current state of key security areas, which may include Risk, Vulnerability, and Threat Management as well as Security Operations, Incident Response, and Data Security.


Develop a target state for each program area.


Evaluate the organizational structure, resource capacity, staff capabilities, and training requirements needed to support the target state.


Create a set of recommendations and roadmap to remediate gaps and reach target state. Prioritize next steps using decision modeling as part of a strategic plan.


Evaluate potential solution and services investment options to help guide priorities emphasizing what changes need to be made with supporting explanations.

The Process

The SPSA information gathering is conducted through interviews, workshops, and review of key documents such as current operational runbooks, security policies, operational procedures, architecture diagrams, tool inventories, and audits that are currently in progress from firms performing complementary assessments:

The specific areas that are included within the SPSA are:

Strategy and Business Alignment

Meetings with key stakeholders to understand key business drivers and ensure alignment between business and security program objectives.


Review of control environment including technologies deployed along with supporting security architecture.

Operations & Support

Review current operational and support capabilities to maintain each technical infrastructure.

Organization, Team, & Training

Review of personnel and training needed to provide resource capacity and skills required to support target state.

Response and Remediation

Understand how output from each program area leads to subsequent response and remediation activities including evaluation of overall

Metrics & Reporting

Review operational metrics and management reporting. Understand how data produced is currently being consumed, interpreted, and used.


For your SPSA project, we will provide a final report which may include, but is not limited to:


Strategic Program Security Assessment Report

  • Executive Summary
  • Target State Models and Frameworks – an illustration of each of the program areas’ target state using a multi-tiered heat map depicting levels of maturity.
  • Gap Analysis – a discussion on current and target states with gaps, remediation activities, and project roadmap recommendations.

Strategic Program Security Assessment Report Presentation

  • A management-oriented PowerPoint inclusive of all the major components of the report delivered to an audience.

Schedule a Call or Consultation

Our Security Practice has a proven track record of delivering security assessments for organizations of all sizes in highly regulated industries worldwide. The objective is to provide our customers with a cost-effective, innovative approach to managing and maturing their programs and achieving measurable results.