Driving Greater Prioritization In Vendor Risk Management

Noah Simon | December 13, 2016

With third parties becoming a major attack vector into organizations, BitSight is focused on enabling security and vendor risk professionals to better prioritize their efforts when it comes to identifying and monitoring cyber security risks across their vendor ecosystem.  BitSight Security Ratings customers can now prioritize issues and receive customized alerts when the aggregate performance of multiple companies change.

Remediation Strategy

The BitSight Security Ratings portal now features a Remediation Strategy section to help risk and security stakeholders focus on improving their organization’s security posture. As we have shown, organizations with a higher security rating are less likely to experience a publicly-disclosed data breach. This new capability highlights the risk vectors that have the highest Rating Impact and quantitatively identifies where organizations should focus remediation efforts. Strategies are presented from most to least Rating Impact.

remediation strategy.pngThe strategy is available for all companies in a customer's portfolio and provides information to prioritize remediation efforts, enhance security effectiveness, and guide security conversations with third parties and business associates. Companies who take advantage of this feature can strengthen their security posture and drive security progress across their entire supply chain.

Want to see how your security posture could be improved? Schedule an appointment today!

Folder Level Alerting

Customers can now set folder-level alerts to be notified when the aggregate security posture of multiple companies changes. Many customers are already using folders to segment their third parties into different buckets based off the business function they provide and risk they pose. Folder level alerts provide the ability for customers to set specific rating alerts for each folder, allowing the customer to set more stringent alert preferences for Tier 1 vendors and looserDemo Request - Third Party preferences for Tier 2 or 3 vendors. Alerts deliver critical information right to your inbox and provide  the insight that you need to manage third party risk.

Customers can use folder level alerting as an important reporting mechanism on the health of their vendor risk program. If organizations are frequently getting alerts for rating drops, it’s possible their vendor risk management strategy needs to be revisited.

Suggested Posts

What Companies Using Cloud Services Need To Know About Their Risk Responsibilities

Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But...


Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs

Since 2017 BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against...


Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to...


Subscribe to get security news and updates in your inbox.