How Does SecurityScorecard Implement the Fair and Accurate Ratings Principles of the US Chamber of Commerce?

SecurityScorecard uses both active and passive collection methods to gather proprietary data, which includes indicators of compromise such as malware infections and domain/IP-based vulnerabilities, and third-party data, which includes exposed databases and data leaks.

SecurityScorecard uses advanced machine learning algorithms and other proprietary methods that accurately attribute IP addresses found on the open internet to the company that has operational ownership of the associated systems. We recalibrate on a monthly basis. To ensure that attribution accuracy does not degrade over time, we have short time values so that we are constantly refreshing the data. For scoring accuracy, we recalibrate monthly, ensuring that the average companies are scored against is accurate. We also continuously ingest current breach data and periodically run a regression analysis to ensure that scores are still well aligned with relative likelihood of breach.

Visit our Trust Portal to learn more about how SecurityScorecard has implemented each of the Fair and Accurate Ratings Principles.

Confidentiality

All information disclosed during a rating challenge or dispute is protected according to Confidentiality terms documented in the SecurityScorecard Master Service Agreement.

Transparency

Our customers have access to the greatest volume and quality of intelligence available. SecurityScorecard leverages data mined with the market’s leading capabilities and relies on a global network of sensors to monitor signals across the internet. We enrich our data using commercial and open-source intelligence sources and track over 79 security issues.

Accuracy & Validation

Online Business Systems found SecurityScorecard’s footprinting to be very accurate. Over the course of testing, Online evaluated SecurityScorecard’s data for a total of 13 unique, unrelated, and randomly selected domains and found SecurityScorecard’s attribution process to have an accuracy of 95%. The accuracy for positively attributing IP Addresses was found to be 94%, and for DNS Records it was found to be 100%.

Dispute, Correction, and Appeal

Any rated organization has the right to dispute information on their SecurityScorecard security rating and provide clarifying information for consideration. SecurityScorecard has three resolution types: dispute, correction, and appeal.

Independence

SecurityScorecard’s ratings are fully independent and free of any commercial bias. To facilitate a fair, consistent, and meaningful evaluation of cybersecurity risk, SecurityScorecard uses robust statistical methods to evaluate the security posture of a company compared to others of similar size.

Model Governance

SecurityScorecard grades the cybersecurity health of organizations based on the information collected by our proprietary data engine, as well as our own internal collection activities. Both methods collect data that is externally accessible and public, meaning no intrusive techniques are used to gather the information. This comprehensive swath of data is then analyzed and appropriately weighted.
