What You Need To Know About Cyber Security Ratings
Posted by: Brent Gage | 04/23/2018 08:00 AM | Categorized under: Education


What are security ratings?

Security ratings are metrics used by a number of different companies to quantify businesses’ cyber risk.  As security ratings continue to mature, more organizations in the public and private sectors leverage ratings to make business and risk decisions.  Because of the increased interest in security ratings, the US Chamber of Commerce has some recommendations for industry-wide approaches to increase the public confidence in them:       

  • Promote quality and accuracy in the production of security ratings
  • Promote fairness in reporting
  • Include a coordinated process for adjudicating errors or inaccuracies in reported content
  • Establish guidelines for appropriate use and disclosure of the scores and ratings

Some issues associated with security ratings

The general purpose of these guidelines is to make security ratings as trustworthy and well-known as the current system of credit ratings.  This is a worthy goal, but the cyber security sector just isn’t there yet.  The meaning of a specific security rating can be hard to pin down, as it depends on the rating company’s data set as well as the methodologies it applies to that data.

Where do security ratings fail?

Security ratings may be incorrect for a couple of reasons:

  • Ratings that use external data can be very vulnerable to gaming of the rating system in the business’s favor.  That is, companies can make small changes that only affect their score and don’t address the underlying security issues.
  • Ratings that use internal verticals can be years out of date.

THE ONLY TRUE USE OF A SECURITY RATING IS COMPARISON AND TRACKING.

Compare the relative security of your assets and/or your suppliers to each other.  Track the progress you’ve made.  Getting the most accurate security rating is predicated on having a recent internal cyber security assessment. 

The SecurityGate Security Risk and Compliance Management Platform automates this process, giving you access to your company’s milestone progress toward cyber security compliance, as well as that of all your suppliers and vendors.  You can then quickly isolate your security issues with the most up-to-date information.

Ref 

https://www.uschamber.com/issue-brief/principles-fair-and-accurate-security-ratings
