Posted on Sep 14, 2017
Recently, we explained how the SecurityScorecard platform meets the US Chamber of Commerce’s Principles for Fair and Accurate Security Ratings directive to provide accurate and validated ratings.
This week we’re continuing our ongoing efforts to provide awareness around these standards by looking at Model Governance, a principle focused on promoting fair ratings. This principle states:
“Model Governance: Prior to making changes to their methodologies and/or data sets, rating companies shall provide reasonable notice to their customers and clearly communicate how announced changes may impact existing ratings.”
SecurityScorecard grades the cybersecurity health of organizations based on the information collected by ThreatMarket, our proprietary data engine, as well as our own internal collection activities. ThreatMarket collects information from several sources, such as data feeds, sensors, honeypots, and sinkholes. Both methods collect data that is externally accessible and public, meaning no intrusive techniques are used to gather the information.
This comprehensive swath of data is then analyzed and appropriately weighted by considering factors such as the severity of the issues, the risk level as defined by industry standards, the overall performance of similar companies, and so on. In particular, comparing the health of a company to that of its peers provides further insights and helps filter out the noise.
This means each company can look at a carefully measured, holistic, and statistically relevant view of the cybersecurity risk associated with its IP footprint and that of its vendors. Ultimately, the SecurityScorecard platform reports on whether a company’s behaviors contribute to or mitigate cybersecurity risk over time and provides the user with clear identification of vulnerabilities or gaps in a company’s systems. It paints a picture of the cybersecurity of a company and its vendors against the appropriate temporal and industry backdrop.
SecurityScorecard’s approach is to actively communicate substantive platform changes to customers using the appropriate methods of communication based on the update. This may include, for example:
Want to learn more about SecurityScorecard’s approach to the principles? Check our post about Security Ratings, our Focus on Transparency post, or our Focus on Dispute, Correction or Appeal post.