During last month's FS-ISAC webinar, Home Depot, the SEC and Increasing Board Oversight: Why Metrics Matter More and More, BitSight CTO and Co-Founder Stephen Boyer answered questions from attendees about why using IT security metrics is more important than ever before. He also performed a live demo of BitSight Security Ratings to show how to prove that security ratings work.
There are a few clips from the webinar below, as well as other uses for Security Ratings and ways you can show your effort is paying off.
Is BitSight a replacement or a complement to ISAC data?
There is no replacement for the ISACs. Often times, those are industry-specific threats that are targeting a specific subset or group.
BitSight Security Ratings work best as one of the tools in a holistic information security strategy. By incorporating Security Ratings into a plan with ISAC data and other initiatives, businesses can get a complete understanding of their network's cyber risk posture.
How can Security Ratings be used to assess third party vendors?
Our clients have used Security Ratings to vet potential acquisition targets, as well as vendors that the company is interested in working with. Whether it is through our continually-updated ratings or a one-time report, both have been used to discover the risk posture of companies in a given ecosystem.
How can you use the BitSight portal to monitor security events?
BitSight's Events Tab graphs botnet infections, spam propagation, malware servers, potentially exploited hosts and unsolicited communication for you. By mousing over different events on the graph, you can see which risk vectors have been the biggest problem for your network, in terms of both frequency and length of the events. You can also filter by type of event to more easily learn about each specific instance.
Other uses of Security Ratings include:
- Examining current partners to make sure their information security is strong enough to keep the relationship without exposing your company to large amounts of risk.
- Comparing one company's performance to others or an industry to see if that company is ahead of the curve (or at least doing everything it can to keep its data safe).
- Receiving alerts for changes in a company's rating to quickly address the issue.
Proving that Security Ratings are Worth Using
- Examine how much the Security Ratings for a critical vendor have risen since your company mentioned the areas for improvement in the vendor's network.
- If your network has seen a reduction in the remediation time or the number of events happening, show the difference.
Although no company is completely immune from being the next Sony, Security Ratings can help you show that you're doing everything within your power to protect your data.
For more information on quantifying security performance, take a look at a previous version of BitSight Bits.
