The company’s Cybersecurity Rating uses an objective rating system through dynamic assessments, doling out grades from A to F based on a business’s cyber security posture. That score can then be used as a baseline for other companies to make informed decisions about your organization’s risk management and cyber standing.
That score comes from an evaluation of 10 criteria, including:
The Network Security module checks public datasets for evidence of high risk or insecure open ports within the organization network
The DNS Health module measures the health and configuration of an organization’s DNS settings. It validates that no malicious events occurred in the passive DNS history of the organization’s network.
The Patching Cadence module analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
The Endpoint Security module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.
The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
The Application Security module uses incoming threat intelligence from known exploitable conditions identified via: whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.
The Cubit Score module measures a variety of security issues that an organization might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.
The Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.
This Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.
The Social Engineering Module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.
What is the OneTrust Third-Party Risk Exchange?
The OneTrust Third-Party Risk Exchange is a collaboration and information sharing platform that brings businesses and their third parties together into a single community to share information and build mutual trust. Thousands of organizations and their third parties participate in the Exchange to collectively centralize and share critical information about their security, privacy, ethics and compliance, and ESG programs. This community-based approach makes third-party risk easier for everyone involved – both you and your third parties.