Posted on Mar 27, 2019
Do you know your hackers’ window of opportunity? That’s the critical question that you need to be asking your own organization, third-party vendors, insurance applicants, and M&A targets.
Standards like NIST CSF and SIG can tell you which policies and processes you need to maintain organizational security, but they don’t tell you which controls you need to have in place. On top of that, it’s exceedingly difficult for an organization to know if its controls are not only working, but actually effective in implementing the NIST and the SIG recommendations.
To mitigate this ambiguity, we’re releasing a new module called Security Program Analytics. Located in the Reports section of your SecurityScorecard interface, you can review a couple of key outcome-driven metrics:
These key indicators of organizational health — observable from outside the organization — measure the efficacy of its internal IT security control. Using Google Chrome as an example, Security Program Analytics will tell you what percentage of your browsers are up to date, as well as the average time it takes between initializing the update and achieving company-wide adoption — the window of opportunity for attackers to exploit any vulnerabilities.
You can also measure the maturity and evolution of your organization’s IT security program over the last 12 months, and monitor how quickly and effectively they respond to software updates when new vulnerabilities are discovered.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.