IAPP Webinar Extended Q&A

By Imarc

Posted on Jul 27, 2017

For those of you who joined SecurityScorecard and our customer Allstate at the IAPP Webinar on Assuring Data Privacy and Security Compliance, we greatly appreciate the lively audience! We were happy to share some of our experiences in the information security space and even happier to hear the unique insights from Derek Morford and Adriana Novielli at Allstate.

With over 400 registrants, we did not have time to get through all the audience questions during the Q&A session, so we thought we’d take time to answer a few more of those questions in this post.

Does use of something like security scorecard create reasonable diligence to monitoring suppliers appropriately over time for security?

Yes. SecurityScorecard takes a continuous monitoring approach in which any company in the platform is monitored in real time on an ongoing basis. Data analytics is stored on a historical basis, so users can go back in time to view performance history. Customers actively use this data as evidence of due care for a third party or compliance party.

What is the minimum number of people needed to implement a vendor program?

It really depends on the demands from the business, the volume of companies that require diligence, and so on.

Do you categorize your vendors by risk only, or some other manner, say, industry, service, etc.?

There are several ways to categorize and bucket your vendors. Each company buckets vendors slightly differently based on its specific needs. One example is bucketing by level of criticality, but we do see customers bucketing into other types of groups, such as by department, by business function, by use case, or all of the above. Put simply, how you categorize vendors depends heavily on the needs of the business.

How does Security Scorecard get the information needed to determine a grade?

The majority (about 80 percent) of the data used in scoring is collected by ThreatMarket, our proprietary data collection engine. ThreatMarket collects data in the following ways:

  • Scans the entire IPv4 space regularly,
  • Operates a battery of sinkholes to track malware infections on client systems on a daily basis,
  • Performs a variety of additional collection activities on a non-intrusive basis to identify weaknesses in an entity’s cybersecurity posture, such as open ports exposing services that should not be exposed, weak ciphers, out-of-date software with critical vulnerabilities, etc.

In addition, SecurityScorecard supplements its ThreatMarket data with data from public sources and from some third-party commercial sources.

Where will the presentation be shared?

If you missed our IAPP Webinar on Assuring Data Privacy and Security Compliance, click here to view the recording.
