BITSIGHT SECURITY RATINGS BLOG

Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.

Types of Penetration Testing: Which Is Right for Your Business?

Penetration tests (a.k.a. pen tests) are point-in-time assessments of cybersecurity. They allow IT and security professionals to assess the adequacy of security controls, including intrusion detection and response systems, and identify...

READ MORE »

Third-Party Cyber Risk: Blind Spots, Emerging Issues & Best Practices

Recently, BitSight and the Center for Financial Professionals (CeFPro) released a joint report that explores how financial services organizations are addressing challenges associated with third-party cyber risk management.

READ MORE »

Vendor Due Diligence Checklist: 31 Steps to Selecting a Third Party

Due diligence processes for vendor procurement vary by company, industry, and region. Some regulatory bodies dictate due diligence practices, and some industry groups have adopted standardized processes. In addition, requirements may...

READ MORE »

What Are Security Ratings?

Security ratings are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use BitSight Security Ratings as a tool to address a variety of critical,...

READ MORE »

Cybersecurity Risk Assessment Tools You Can Use Year-Round

When it comes to improving cybersecurity at your organization, there are some fixes that you can undertake with very little preparation. More robust remediation efforts, however, usually start with a cybersecurity risk assessment.

READ MORE »

The Board’s Role in Managing Disruptive Risk: Enter Security Ratings

Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate...

READ MORE »

NERC CIP-013-1: Effective Date, Preparation Strategies, & Impact

The North American Electric Reliability Corporation (NERC) has developed a new set of cybersecurity standards designed to help power and utility (P&U) companies limit their exposure to third-party cyber risks and preserve the reliability...

READ MORE »

Gartner Names Security Ratings a Top 10 Security Project for 2019

Just a few weeks ago, Gartner released their list of “Top 10 Security Projects for 2019”, and named security ratings services as a business imperative.

READ MORE »
Load More

Subscribe to get security news and updates in your inbox.