Posted on Sep 14, 2017
This week we’re continuing our ongoing efforts to provide awareness around these standards by looking at Model Governance, a principle focused on promoting fair ratings. This principle states:
“Model Governance: Prior to making changes to their methodologies and/or data sets, rating companies shall provide reasonable notice to their customers and clearly communicate how announced changes may impact existing ratings.”
SecurityScorecard grades the cybersecurity health of organizations based on the information collected by ThreatMarket, our proprietary data engine, as well as our own internal collection activities. ThreatMarket collects information from several sources, such as data feeds, sensors, honeypots, and sinkholes. Both methods collect data that is externally accessible and public, meaning no intrusive techniques are used to gather the information.
This comprehensive swath of data is then analyzed and appropriately weighted by considering factors such as the severity of the issues, the risk level as defined by industry standards, the overall performance of similar companies, and so on. In particular, comparing the health of a company to that of its peers provides further insights and helps filter out the noise.
This means each company can look at a carefully measured, holistic, and statistically relevant view of the cybersecurity risk associated with its IP footprint and that of its vendors. Ultimately the SecurityScorecard platform reports on whether a company’s behaviors contribute to or mitigate cybersecurity risk over time and provides the user with clear identification of vulnerabilities or gaps in a company’s systems. It paints a picture of the cybersecurity of a company and its vendors against the appropriate temporal and industry backdrop.
SecurityScorecard’s approach is to actively communicate substantive platform changes to customers using the appropriate methods of communication based on the update. This may include, for example: