Security ratings are metrics used by a number of different companies to quantify businesses’ cyber risk. As security ratings continue to mature, more organizations in the public and private sectors leverage ratings to make business and risk decisions. Because of the increased interest in security ratings, the US Chamber of Commerce has some recommendations for industry-wide approaches to increase the public confidence in them:
The general purpose for these guidelines is to provide security ratings that are as trustworthy and well-known as the current system of credit ratings. This is a worthy goal, but the cyber security sector just isn’t there yet. The meaning of a specific security rating can be hard to pin down, as it depends on the company’s data set as well as the methodologies they apply to those data sets.
Security ratings may be incorrect, for a couple of reasons:
Compare the relative security of your assets and/or your suppliers to each other. Track the progress you’ve made. Getting the most accurate security rating is predicated on having a recent internal cyber security assessment.
The SecurityGate Security Risk and Compliance Management Platform