Posted on Sep 14, 2017
This week we’re continuing our ongoing efforts to provide awareness around these standards by looking at Model Governance, a principle focused on promoting fair ratings. This principle states:
“Model Governance: Prior to making changes to their methodologies and/or data sets, rating companies shall provide reasonable notice to their customers and clearly communicate how announced changes may impact existing ratings.”
SecurityScorecard grades the cybersecurity health of organizations based on the information collected by ThreatMarket, our proprietary data engine, as well as our own internal collection activities. ThreatMarket collects information from several sources, such as data feeds, sensors, honeypots, and sinkholes. Both methods collect data that is externally accessible and public, meaning no intrusive techniques are used to gather the information.
This comprehensive swath of data is then analyzed and appropriately weighted by considering factors such as the severity of the issues, the risk level as defined by industry standards, the overall performance of similar companies, and so on. In particular, comparing the health of a company to that of its peers provides further insights and helps filter out the noise.
This means each company can look at a carefully measured, holistic, and statistically relevant view of the cybersecurity risk associated with its IP footprint and that of its vendors. Ultimately the SecurityScorecard platform reports on whether a company’s behaviors contribute to or mitigate cybersecurity risk over time and provides the user with clear identification of vulnerabilities or gaps in a company’s systems. It paints a picture of the cybersecurity of a company and its vendors against the appropriate temporal and industry backdrop.
SecurityScorecard’s approach is to actively communicate substantive platform changes to customers using the appropriate methods of communication based on the update. This may include, for example: