Posted on Jul 18, 2017
We recently worked with the US Chamber of Commerce and other security ratings organizations to release the Principles for Fair and Accurate Security Ratings.
As the Chamber of Commerce states, these ratings were developed with the following goals in mind:
We stand behind every word of these principles, and to prove it, we’re showing you exactly how we deliver on every word. This week’s focus is the principle of transparency.
“Transparency. Rating companies shall provide sufficient transparency into the methodologies and types of data used to determine their ratings, including information on data origination as requested and when feasible, for customers and rated organizations to understand how ratings are derived. Any rated organization shall be allowed access to their individual rating and the data that impacts a change in their rating.”
“Transparency into the methodologies”
Learn more about our several patented methodologies on the US Patent and Trademark Office site. (Relevant patent Nos. are 9,641,547, 9,501,647, 9,372,994, 9,294,498)
“Transparency into the types of data used to determine ratings”
SecurityScorecard collects various types of data on cybersecurity risk. The majority (about 80 percent) of the data used in scoring is collected by ThreatMarket, our proprietary data collection engine. ThreatMarket collects data in the following ways:
In addition, SecurityScorecard supplements its ThreatMarket data with additional data from public sources and from some third-party commercial sources.
“Information on data origination”
Our proprietary fingerprint engine covers the full range of any corporation’s public IP address infrastructure not behind a firewall. Our proprietary matching engine takes all the risk signals and sensors we collect and matches them to a digital fingerprint to complete attribution. Reference our above-listed patents for more detailed information.
“Access to Individual Rating and Data that impacts Rating Change”
SecurityScorecard provides free access to scores here. Additionally, vendors of existing SecurityScorecard customers can be invited to the platform. Read more about our collaborative vendor invite function here.
Check back on our blog to learn about how we deliver on the other five principles or read more about the principles in general.