UpGuard Blog

How UpGuard CSR Works

Written by UpGuard | Feb 3, 2016 11:35:20 PM

With the rate of data breaches increasing along with the risks associated with third-party suppliers, assessing and controlling cyber risk has become a massive problem for all organizations. Cyber risk determination had historically been measured through a combination of semi-automated techniques such as employee surveys and basic vulnerability scanning. Without reliable, repeatable risk assessments, monitoring cyber risk could never be done with accuracy or at scale. The UpGuard CSR (Cyber Security Rating) is a single, easy-to-understand score representing your organization's aptitude in the areas of compliance, integrity, and security. UpGuard provides a 360-degree view of cyber risk, both internally and externally to your organization.

The UpGuard CyberRisk platform provides security ratings to help manage your third-party vendor risk, and external-facing systems. The UpGuard Core product also provides CSRs for all your internal and cloud-based infrastructure, enabling your organization to have the only 360-view of cyber risk.

Compliance

The compliance segment measures an organization's ability to maintain its systems in a resilient state. First, UpGuard scores test coverage; without testing, there is no way to know that a system is misconfigured. Users can increase their test coverage by writing custom policies or choosing from UpGuard's content library. The more test coverage, the better the compliance score. Second, UpGuard calculates the pass rate for those tests. A high compliance score means the organization does a good job ensuring their servers, cloud services, and network devices are configured correctly.

Integrity

The integrity score measures an organization's ability to validate change. UpGuard documents every change within an auditable system of record, then looks at how many of those changes were found to be valid via testing. The distinction between compliance and integrity is worth noting. Compliance testing regards those items which change rarely if at all. Verifying the changes that do occur are good is another problem entirely, which we isolate in the integrity score.

The security score measures an organization's ability to detect and remediate vulnerabilities. UpGuard maintains an updated database of information about known software vulnerabilities from top security organizations around the world, and uses that information to determine which systems and software packages may be at risk. The number and severity of discovered vulnerabilities, along with the frequency of vulnerability scans, are used to calculate the overall security score of the system. Over time, as vulnerabilities are discovered and removed, the security score will also reflect an organization's time to patch.

Validation at Every Scale

The UpGuard platform enables a user to trace changes in their Cyber Security Rating down to the smallest building blocks of information technology. Looking at the bird's eye view of the organization as a whole all the way down to every configuration setting within every file is the only way to make an informed assessment of an organization's preparedness. As effect of this is that minor misconfigurations-- and the real risk they pose to the business-- are surfaced immediately in their negative impact on the rating.

Conclusion

For every system there is some ideal configuration that combines operational efficacy and security hardening. Over time, that desired state changes as new security patches are required and new software features are released. Balancing change and stability is the mandate of digitally resilient businesses. UpGuard CSR puts the essential measures of such a business-- compliance with regulatory and operational policies, integrity in change management, security against emerging and old threats-- in one place at the center of your business.

We make it easy to get started on the path to digital resilience-- contact our specialists to see how easy an UpGuard rollout can be and how simple it is to integrate UpGuard into your current workflows.