Security Risk Management in the Extended Enterprise

Earlier this month, BitSight licensed a white paper by Mike Rothman, president and analyst at Securosis. The paper, "Threat Intelligence for Ecosystem Risk Management," discusses challenges organizations face in trying to assess the security risks of third parties in the extended enterprise.

Traditional methods for assessing security risk (audits, questionnaires and network tests) provide an understanding of the controls in place, but they only reflect the status at that point in time.

To explain this further, we like to draw an analogy to home security: you have locks on your windows and doors, surveillance cameras monitoring the premises, and an alarm system installed. An audit would show that you have the proper controls in place, and a penetration test might reveal that you had everything configured correctly on that day.

But how do you fare on the other 364 days of the year? Do you always use the alarm? Are the windows secured in every room? Did you leave the door unlocked for just 5 minutes? Are the surveillance cameras continuously monitored? Are your alarm settings configured correctly?

This is where a daily security effectiveness rating can be insightful. When you're sharing sensitive information with a business partner, don't you want to know when your information is at high risk? Download the white paper to explore this topic further and to see how Rothman makes the case for buying vs. building a solution for assessing partner security risk.