NuHarbor Security
  • Solutions
    Solutions
    Custom cybersecurity solutions that meet you where you are.
    • Overview
    • Our Approach
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • By Business Need
      • Identify Gaps in My Cybersecurity Plan
      • Detect and Respond to Threats in My Environment
      • Fulfill Compliance Assessments and Requirements
      • Verify Security With Expert-Led Testing
      • Manage Complex Cybersecurity Technologies
      • Security Monitoring With Splunk
    • By Industry
      • State & Local Government
      • Higher Education
      • Federal
      • Finance
      • Healthcare
      • Insurance
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Services
    Services
    Outcomes you want from a team of experts you can trust.
    • Overview
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • Security Testing
      • Penetration Testing
      • Application Penetration Testing
      • Vulnerability Scanning
      • Wireless Penetration Testing
      • Internal Penetration Testing
      • External Penetration Testing
    • Assessment & Compliance
      • CMMC Compliance
      • NIST 800-53
      • HIPAA Security Standards
      • ISO 27001
      • MARS-E Security Standards
      • New York Cybersecurity (23 NYCRR 500)
      • Payment Card Industry (PCI)
    • Advisory & Planning
      • Security Strategy
      • Incident Response Planning
      • Security Program Reviews
      • Security Risk Assessments
      • Virtual CISO
      • Policy Review
    • Managed Services
      • Curated Threat Intelligence
      • Managed Detection and Response (MDR)
      • Sentinel Managed Extended Detection and Response (MXDR)
      • SOC as a Service
      • Splunk Managed Services
      • Tenable Managed Services
      • Vendor Security Assessments
      • Vulnerability Management
      • Zscaler Support Services
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Partners
  • Resources
    Resources
    Explore reports, webinars, case studies, and more.
    • Browse Resources
    • Consultation Icon Consult with an expert
    • Blog icon Blog
    • Podcast icon Podcast
    • Annual SLED CPR icon Annual SLED CPR
    • Downloadable Assets icon Downloadable Assets
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Company
    Company
    We do cybersecurity differently – the right way.
    • Overview
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • Leadership
    • News
    • Careers
    • Contact
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Consult with an expert
  • Client support
  • Careers
  • Contact
1.800.917.5719
NuHarbor Security Blog
    • Compliance
    • Cybersecurity Technology
    • Security Operations
    • Industry Insights
    • Security Testing
    • Advisory and Planning
    • Application Security
    • Managed Detection and Response
    • Threat Intelligence
    • NuHarbor
    • Managed Services
    • Cyber Talent
January 17, 2019

2 Questions to Determine if a Security Program Review or Security Assessment is Better for Your Company

Justin Fimlaid Justin Fimlaid

The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct security review. The most common ways that we see companies approach a review of their security program generally falls into two approaches.

The first approach is companies looking for a security program review. This is intended to be a broad look at your overall security program and the security capabilities that exist within your company. A security program review always has an assessment component to start however the security program review also looks into security capabilities and the maturity of those capabilities. A good example of a security program review exists within the NIST Cybersecurity Framework. The NIST Cybersecurity Framework measures your security program and specifically the ability of your company to:

  1. Identify - Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
  2. Protect - Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
  3. Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  4. Respond - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
  5. Recover - Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

The second most common way is through a security assessment measuring your company against and comparing to an established security or regulatory framework. Some examples of this would include PCI-DSS, HIPAA, or ISO 27001 to name a few. Typically, in this scenario companies are looking to comply with or conform to an established security compliance or regulatory framework. Usually companies looking to pursue this type of assessment are looking to comply with or conform to one of these standards.

While a security assessment can be used for security maturation efforts, a security assessment is generally a step toward conforming to a compliance standard and trying to grab some solid security practices on the way.

2 Questions to ask to determine if a security program review or security assessment is right for your company:

  1. Are you, first and foremost, looking to comply with HIPAA, PCI-DSS, MARS-E 2.0 or another regulatory framework?  If yes, a security assessment might be right for you.  A roadmap or remediation plan would set you on the path to comply with said security framework.
  2. Are you looking for a strategic security roadmap that measures your capabilities today and give you a path to mature your security posture in the future? If yes, then a security program review might be right for you.

If you're unsure how to answer the above questions and still need help, give us a shout!

Included Topics

  • Security Operations,
  • Security Testing
Justin Fimlaid
Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.

Related Posts

Compliance 4 min read
Which Security Controls Framework Is Right for You? Read More
Cybersecurity Technology 3 min read
What's the Difference Between Splunk Enterprise Security and Security Essentials? Read More
Compliance 2 min read
10 Strategic Security Metrics to Help Manage Your Information Security Program Read More

Subscribe via Email

Subscribe to our blog to get insights sent directly to your inbox.

Subscribe Here!

Latest Pwned episodes

Episode 200 - Reflections of Pwned...Until Next Time
April 03, 2024
Episode 200 - Reflections of Pwned...Until Next Time
Listen Now
Episode 199 - When a BlackCat Crosses Your Path...
March 21, 2024
Episode 199 - When a BlackCat Crosses Your Path...
Listen Now
Episode 198 - Heard it Through the Grapevine - Beyond the Beltway, 2024
March 08, 2024
Episode 198 - Heard it Through the Grapevine - Beyond the Beltway, 2024
Listen Now
NuHarbor Security logo
NuHarbor Security

553 Roosevelt Highway
Colchester, VT 05446

1.800.917.5719

  • Solutions
  • Services
  • Partners
  • Resources
  • Company
  • Contact
  • Privacy Policy
Connect
  • Twitter
  • Linkedin
  • YouTube
©2025 NuHarbor Security. All rights reserved.