Posted on Mar 27, 2019
Do you know your hackers’ window of opportunity? That’s the critical question that you need to be asking your own organization, third-party vendors, insurance applicants, and M&A targets.
Standards like NIST CSF and SIG can tell you which policies and processes you need to maintain organizational security, but they don’t tell you which controls you need to have in place. On top of that, it’s exceedingly difficult for an organization to know if its controls are not only working, but actually effective in implementing the NIST and the SIG recommendations.
To mitigate this ambiguity, we’re releasing a new module called Security Program Analytics. Located in the Reports section of your SecurityScorecard interface, you can review a couple of key outcome-driven metrics:
These key indicators of organizational health, observable from outside the organization, measure the efficacy of its internal IT security controls. Using Google Chrome as an example, Security Program Analytics will tell you what percentage of your browsers are up to date, as well as the average time it takes between initializing the update and achieving company-wide adoption, which is the window of opportunity for attackers to exploit any vulnerabilities.
You can also measure the maturity and evolution of your organization’s IT security program over the last 12 months, and monitor how quickly and effectively it responds to software updates when new vulnerabilities are discovered.
With hackers finding new ways to attack third parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.