May 17, 2022
OneTrust Third-Party Risk Exchange Now Provides SecurityScorecard Cybersecurity Rating
The increase in third-party related security attacks has been felt acutely by organizations globally. Each third party creates additional vulnerabilities by expanding the number of entry points into an organization.
To help organizations handle these cyber concerns, OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings on thousands of third parties to provide greater insight into their cyber risk posture. The new out-of-the-box Cybersecurity Ratings are in addition to the existing integration, which enables OneTrust customers to automatically take action when a third party’s score changes.
What is the SecurityScorecard Cybersecurity Rating?
SecurityScorecard is a global leader in cybersecurity ratings, used by thousands of organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. All of this leads to a solution that encourages cyber resilience in the face of an ever-growing threat landscape.
The company’s Cybersecurity Rating uses an objective rating system through dynamic assessments, doling out grades from A to F based on a business’s cybersecurity posture. That score can then be used as a baseline for other companies to make informed decisions about your organization’s risk management and cyber standing.
That score comes from an evaluation of 10 criteria, including:
The Network Security module checks public datasets for evidence of high-risk or insecure open ports within the organization’s network.
The DNS Health module measures the health and configuration of an organization’s DNS settings. It validates that no malicious events occurred in the passive DNS history of the organization’s network.
The Patching Cadence module analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
The Endpoint Security module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.
The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
The Application Security module uses incoming threat intelligence from known exploitable conditions identified via: whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.
The Cubit Score module measures a variety of security issues that an organization might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.
The Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.
The Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.
The Social Engineering module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.
What is the OneTrust Third-Party Risk Exchange?
The OneTrust Third-Party Risk Exchange is a collaboration and information sharing platform that brings businesses and their third parties together into a single community to share information and build mutual trust. Thousands of organizations and their third parties participate in the Exchange to collectively centralize and share critical information about their security, privacy, ethics and compliance, and ESG programs. This community-based approach makes third-party risk easier for everyone involved – both you and your third parties.
The Exchange streamlines vendor risk assessments by giving third parties the ability to share assessment answers with the click of a button. Meanwhile, assessment requesters can view the results via the Exchange, which are automatically analyzed to generate risk analytics and control gap reports.
Additionally, third parties that join the Exchange get access to valuable capabilities, including the ability to build and share their free Trust Profile, a shareable profile that third parties use to aggregate key information about their security, privacy, ethics, and ESG programs. Third parties also have the ability to create a library of assessment answers and use that information to autocomplete any new ones they receive.
SecurityScorecard is a Silver Sponsor at TrustWeek from May 23-26. As a result of the partnership, all OneTrust members can take advantage of a complimentary SecurityScorecard Enterprise License that enables you to monitor your organization as well as up to five vendors.
Learn more about the OneTrust Third-Party Risk Exchange and the partnership with SecurityScorecard by requesting a demo here.