Research Paper Validates Security Ratings’ Correlation to Likelihood of Breach

Alex Campanelli | June 26, 2019

This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former BitSight data scientist Jay Jacobs, as well as fellow academics Stephanie Forrest and Benjamin Edwards, the paper presents research correlating security ratings with the incidence of breaches. It demonstrates how an organization’s security practices can be measured externally and how these practices can be linked to observed security problems. Using statistical analysis, the authors then study the correlation between risk vectors and botnet infections. The paper argues that this information is sufficient to assess the security maturity of an organization using only externally available information.

BitSight was founded in 2011 out of a research project to understand which objective and verifiable vectors were most correlated to the likelihood of a breach, and how their impact could be measured. Since that time, we have consistently invested in delivering security ratings with the greatest depth and breadth to help organizations operating around the globe manage risk. This research validates that.

We follow a rigorous, multi-month research and evaluation process for each new data source to qualify its accuracy and reliability. In addition to the data on compromised systems gleaned from our proprietary sinkholing infrastructure, regarded as the largest in the world, our team also develops strategic partnerships with global data providers to increase the diversity of perspectives that inform corporate, industrial, and sovereign security risk.

BitSight is committed to providing ratings that leverage objective data, as covered in this research paper. In order to accomplish this, we have invested in the right technology, process and people to ensure that the ratings available in our security ratings platform are, without a doubt, the best and most accurate in the industry.

Read "Risky Business: Assessing Security with External Measurements" here.
