A Brief History of Vendor Risk Scoring

Vendor risk scoring is a practice that has emerged to address the complexity of vendor management by assigning vendors a single score– typically a number or letter grade– to facilitate comparison between vendors and portfolios. The past decades of digital transformation have provided both the need for innovative IT security hygiene assessment techniques and the technological capabilities to gather and analyze the data necessary to give those risk scores predictive power. Now the vendor solutions have reached a level of maturity that they are valuable for businesses of all sizes and sectors.

Read More

BitSight vs SecurityScorecard

Information technology has changed the way people do business. For better, it has brought speed, scale, and functionality to all aspects of commerce and communication. For worse, it has brought the risks of data exposure, breach, and outage. The damage that can be done to a business through its technology is known as cyber risk, and with the increasing consequences of such incidents, managing cyber risk, especially among third parties, is fast becoming a critical aspect of any organization. The specialized nature of cyber risk requires the translation of technical details into business terms. Security ratings and cyber risk assessments serve this purpose, much like a credit score does for assessing the risk of a loan. But the methodologies employed by solutions in this space vary greatly, as do their results.

Read More