bitsight security ratings
play

BitSight Security Ratings www.bitsighttech.com Trends 2 - PowerPoint PPT Presentation

Mar 28, 2024 •106 likes •407 views

BitSight Security Ratings www.bitsighttech.com Trends 2 www.bitsighttech.com Increasing governance and assurance required Subsidiary Third Party Risk Risk Management Management Fourth Party Risk Benchmarking Management Cyber

  1. BitSight Security Ratings www.bitsighttech.com

  2. Trends 2 www.bitsighttech.com

  3. Increasing governance and assurance required Subsidiary Third Party Risk Risk Management Management Fourth Party Risk Benchmarking Management Cyber Security Insurance Mergers & Risk Acquisitions www.bitsighttech.com 3

  4. Cyber Risk is Increasing CYBER INCIDENTS THE TARGETS THE DAMAGE CONTINUE TO INCREASE ARE BROAD IS SEVERE ● ● ● Volume 1st party Financial loss (# of attacks) ● ● 3rd party Reputational harm ● Speed of attacker ● Legal liability ● Nth party ● Sophistication of ● Operational attacker disruption

  5. Market Conditions BOARD EXPECTATIONS BUSINESS IMPACT vendors granted access to a company’s of organizations will report to the board on 100% 181 cyber risk at least 1x / year, by 2020 network per week of board members can’t interpret of all breaches linked directly or indirectly to 91% 63% cybersecurity reports 3rd parties REGULATORY ENVIRONMENT MARKET IMPACT will be spent in 2020 on information security $100B Oversight Continues to Increase worldwide in estimated cybersecurity insurance $10B GDPR FFEIC HK CFI premiums by 2020 DFAR NY DFS NIST $2T cyber crime costs by 2020

  6. The power of objectively measuring cybersecurity performance…. What would it enable for YOU? 6

  7. Key Questions How do diverse stakeholders have a sensible conversation about Cyber Security? • Language - Risk posture vs. vulnerability checklist ? Impact vs. events. Non technical language • Consistency of measurement – Absolute and relative, Universal Metrics Standard across a critical mass of organizations • Business Context – What is in it for me? How to relate cyber security to business • Outcome vs activity – Results rather than effort • Objective versus subjective – Data centric but in context BitSight brings data-driven efficiency and automation to the cyber risk evaluation process by providing a COMMON METRIC (ratings) to be used in a cyber risk decision framework:

  8. The Key Questions Who are the consumers of Cyber security information? • The Board • Procurement • Compliance • Vendor Risk Management Common Language • Audit Different perspectives / context • Operational Risk Subject to specific risks • CISO Info Sec Cyber security • Business process owners • Supplier Managers • CIO / CRO

  9. BitSight Security Ratings Enable Measurement BitSight Security Ratings LIKE CREDIT RATINGS... BOSTON, MA • Data-driven rating of security HEADQUARTERS performance ADVANCED 450+ 740 - 900 EMPLOYEES • Non-intrusive SaaS platform INTERMEDIATE $150M+ 640 - 740 CAPITAL RAISED FROM • Continuous monitoring BLUE CHIP INVESTORS BASIC EXPERIENCED 250 - 640 • Objective, quantitative measurement LEADERSHIP TEAM WITH RECORD OF GROWING SUCCESSFUL COMPANIES GLOBAL THE LARGEST, MOST ENGAGED ECOSYSTEM OFFICES IN SINGAPORE, LISBON AND RALEIGH 2011 1,500+ 25,000+ 20,000+ 160,000+ 105,000+ 15M+ FOUNDED Customers Users Ecosystem Monitored Pieces of User- Domains Worldwide Comments & Tags Organizations Generated Content

  10. How do security ratings help? BitSight Security Ratings: LIKE CREDIT RATINGS... • Provide a measurable range of risk • The only ratings solution with a third party verified correlation to breaches. <400 x5 • Data-driven rating of security performance 400-500 x4 • Non-intrusive SaaS platform x3 500-600 • Continuous monitoring with 12 month history x2 600-700 >700 • Active Oversight AT SCALE Strong, Validated Correlation to breach If the Botnet Grade is B or lower If the security rating drops below If 50% of computers run 2x 5x 3x 400 as compared to an or the File Sharing grade is outdated Operating organization with a 700 or higher B or lower System versions or the Open Ports grade is F Security ratings are an objective, continuous, external measure of an organization’s overall cyber security posture

  11. 3 levels of information – tailored for stakeholder needs 1. Security Rating - Overall Cyber Risk posture rating Dashboard, Management reports ‘view from the bridge’, trending 2 Risk Vectors – Rating for groupings of like events Risk hunting, thematic reviews, Audit selection + scoping Operational reports 3 Events – specific incidents or vulnerabilities Remediation, preparation for on-site audits Activity reports

  13. Translating Security Data into Actionable Ratings Security Ratings Risk Vector Factors within Ratings Organizational security performance ratings ranging from 250 - 900 derived from verifiable, outside-in security data User Behavior 10% Compromised Systems 55% Diligence 35%

  14. Botnet event detail

  15. Measuring Performance Across a Large Portfolio 15

  16. Better Data Enables Smarter Prioritization of Risk Vendor Tiering enables quick identification of critical vendors with issues …. … and Asset prioritization provides context on the most pressing issues facing these critical vendors Other ratings providers cannot provide the extensive visibility of security issues (see previous slide) or business critical assets (no API, mail server, or database visibility) meaning customers don’t get the most comprehensive view of the most important issues facing their most critical vendors.

  17. Leading Organizations Use BitSight 20% 4 40+ 4 50% of the world’s cyber of Fortune 500 of the top 5 Investment government agencies, of the Big 4 companies use Banks use BitSight for including US and Global Accounting Firms insurance premiums BitSight Vendor Risk Financial Regulators, use BitSight are underwritten by Management use BitSight BitSight customers 1,500+ CUSTOMERS ACROSS THE GLOBE

  18. Third Party Risk Management 18 www.bitsighttech.com

  19. TPRM: Customer Pain Points Vendor Ecosystem Customer Existing Processes Gather important data through questionnaires or Tier 1 Vendors Existing processes episodic assessments to learn about vendors highly focused on Critical to business function with potential network access or Tier 1 vendors policies, procedures, controls sensitive data sharing Tier 2 Vendors Send risk manager to do onsite assessments to Important vendors that may verify vendor policies, procedures, controls have access to network, data or company premises Tier 3 Vendors Perform penetration tests to get point-in-time Long tail of vendors with less analysis of vendor security vulnerabilities network/technology relationship Current processes are expensive, time consuming, and don’t provide continuous visibility across an organization’s entire ecosystem of vendors. 19

  20. Cyber Security Challenge Difficult to scale traditional approaches: Questionnaires, audits, penetration tests, manual efforts, etc. www.bitsighttech.com

  21. BitSight Value in TPRM Program Vendor Ecosystem Customer Existing Processes ● Expand visibility across all vendors to identify highest-risk vendors Cost-effective continuous visibility across all tiers Tier 1 Vendors Questionnaires Critical to business function with ● Drive efficiency and automation across potential network access or sensitive data sharing existing workflows and processes ● Prioritize action and allocate resources to Tier 2 Vendors Onsite assessments Important vendors that may address dynamic risks across vendor have access to network, data or population company premises ● Integrate ratings data throughout vendor Tier 3 Vendors Penetration tests lifecycle processes including selection, Long tail of vendors with less onboarding, ongoing monitoring and network/technology relationship termination BitSight Security Ratings are a cost-effective, data-driven metric that enables better prioritization of risk and allocation of resources to make effective risk decisions within an organization’s TPRM program 21

  22. BitSight TPRM

  23. Third Party Monitoring Produces Measurable Results at Scale for Goal: Monitor the information security disposition of critical third party service providers Actions by BitSight Results Monitor thousands of third parties 9 X Evaluate risk rating for each provider Determine risk areas for Third party action expansion coverage with same FT employees 23

  24. Security Performance Management 24 www.bitsighttech.com

  25. Security Performance Management Capabilities Operational Value Business Management Value Prioritization Peer Analytics Progress Tracking Launch in Q1 Future Enhancement Remediation Benchmarking Forecasting 25 CONFIDENTIAL

  26. Peer Analytics

  28. One Example of Impactful Results from Vendor Collaboration Onboarded 496 suppliers and engaged with BitSight Security Ratings as part of this process 56 % 50 Saw a Rating Increase Average points increased across this group 276 * Suppliers on-boarded between May 1 st and October 31. Ratings compared between May 1 st and Dec 4th 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Academic Affairs Student Ratings Report University-wide System of Student Ratings on Teaching

Academic Affairs Student Ratings Report University-wide System of Student Ratings on Teaching

Academic Affairs Student Ratings Report University-wide System of Student Ratings on Teaching Effectiveness March 21, 2013 Student Ratings Pilot Subcommittee Roxanne Canosa, GCCIS Carol De Filippo, NTID David Hostetter, ITS Michael Laver,

642 views • 21 slides
Fire Group Ratings &amp; Critical Radiant Flux Fire Group Ratings for Interior wall &amp;

Fire Group Ratings &amp; Critical Radiant Flux Fire Group Ratings for Interior wall &amp;

Fire Group Ratings &amp; Critical Radiant Flux Fire Group Ratings for Interior wall &amp; ceiling linings Key Points Fire Group ratings are determined by the uncoated substrate Waterborne &amp; solvent based paints or clear coatings

375 views • 11 slides
Co u rse ratings IN TR OD U C TION TO DATA E N G IN E E R IN G Vincent Vankr u nkels v en Data

Co u rse ratings IN TR OD U C TION TO DATA E N G IN E E R IN G Vincent Vankr u nkels v en Data

Co u rse ratings IN TR OD U C TION TO DATA E N G IN E E R IN G Vincent Vankr u nkels v en Data Engineer @ DataCamp Ratings at DataCamp INTRODUCTION TO DATA ENGINEERING Recommend u sing ratings Get rating data Clean and calc u late top -

326 views • 30 slides
Care Quality Commission Progress Report Hertfordshire Health Scrutiny Committee 13 December 2018

Care Quality Commission Progress Report Hertfordshire Health Scrutiny Committee 13 December 2018

Care Quality Commission Progress Report Hertfordshire Health Scrutiny Committee 13 December 2018 Our ratings Results for our hospitals Ratings for the Lister Ratings for the New QEII Ratings for Mount Vernon Hertford and Community Services

352 views • 19 slides
Using Ratings &amp; Posters for Anime &amp; Manga Recommendations Jill-Jnn Vie August 31, 2017

Using Ratings &amp; Posters for Anime &amp; Manga Recommendations Jill-Jnn Vie August 31, 2017

Using Ratings &amp; Posters for Anime &amp; Manga Recommendations Jill-Jnn Vie August 31, 2017 Recommendation System Problem Every user rates few items (1 %) How to infer missing ratings? Every supervised machine learning algorithm

224 views • 20 slides
Current State of Affairs Better known CS Dept ratings in US: US News and World Report

Current State of Affairs Better known CS Dept ratings in US: US News and World Report

Current State of Affairs Better known CS Dept ratings in US: US News and World Report National Research Council (1995, 2010) Uses/abuses of ratings: Efficient way to inform decisions Choosing a PhD program (especially

552 views • 7 slides
Medicare Part C &amp; D Star Ratings: Update for 2019 August 8, 2018 Part C &amp; D User

Medicare Part C &amp; D Star Ratings: Update for 2019 August 8, 2018 Part C &amp; D User

Medicare Part C &amp; D Star Ratings: Update for 2019 August 8, 2018 Part C &amp; D User Group Call Session Overview Overview of Star Ratings Changes for 2019 Star Ratings HPMS Plan Preview and Reminders Discussion: Open Q

760 views • 42 slides
OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -&gt; Common

OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -&gt; Common

Agenda Agenda Security Ratings Security Ratings ITSEC E3 ITSEC E3 C2 &amp; E3 B1 update on C2 &amp; E3 B1 update on V6 V6.2 .2 OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -&gt; Common &gt;

570 views • 7 slides
Security Structures Beyond GOs Municipal Analysts Group of NY luncheon Amy Laskey, Managing

Security Structures Beyond GOs Municipal Analysts Group of NY luncheon Amy Laskey, Managing

Security Structures Beyond GOs Municipal Analysts Group of NY luncheon Amy Laskey, Managing Director September 8, 2017 Agenda Explain the relationship between the Issuer Default Rating (IDR) and security ratings Discuss the limited

235 views • 21 slides
Motivational Ratings orner 1 , Nicolas Lambert 2 Johannes H 1 Yale and CEPR 2 Stanford and

Motivational Ratings orner 1 , Nicolas Lambert 2 Johannes H 1 Yale and CEPR 2 Stanford and

Motivational Ratings orner 1 , Nicolas Lambert 2 Johannes H 1 Yale and CEPR 2 Stanford and Microsoft Research Frontiers of Economic Theory and Computer Science Becker Friedman Institute, August 2016 Focus: Ratings that incentivize effort

1.76k views • 129 slides
Q1 2020 Overview ARAUCO at a glance As of March 2020 LTM Shareholder Structure Credit Ratings

Q1 2020 Overview ARAUCO at a glance As of March 2020 LTM Shareholder Structure Credit Ratings

Corporate Presentation Q1 2020 Overview ARAUCO at a glance As of March 2020 LTM Shareholder Structure Credit Ratings International Scale National Scale Angelini Group BBB Fitch Ratings 74.30% AA- Fitch Ratings (Negative) (Negative)

738 views • 31 slides
Training data 100 million ratings, 480,000 users, 17,770 movies 6 years of data:

Training data 100 million ratings, 480,000 users, 17,770 movies 6 years of data:

Training data 100 million ratings, 480,000 users, 17,770 movies 6 years of data: 2000-2005 Test data Last few ratings of each user (2.8 million) Evaluation criterion: Root Mean Square Error (RMSE) = Netflixs system

1.01k views • 57 slides
Medicare Part C &amp; D Star Ratings: Update for 2018 August 9, 2017 Part C &amp; D User Group

Medicare Part C &amp; D Star Ratings: Update for 2018 August 9, 2017 Part C &amp; D User Group

Medicare Part C &amp; D Star Ratings: Update for 2018 August 9, 2017 Part C &amp; D User Group Call Session Overview Overview of Star Ratings Changes for 2018 Star Ratings HPMS Plan Preview and Reminders Discussion: Open Q &amp;

716 views • 48 slides
Medicare Part C &amp; D Star Ratings: Update for 2017 August 3, 2016 Part C &amp; D User Group

Medicare Part C &amp; D Star Ratings: Update for 2017 August 3, 2016 Part C &amp; D User Group

Medicare Part C &amp; D Star Ratings: Update for 2017 August 3, 2016 Part C &amp; D User Group Call Session Overview Overview of Star Ratings Changes for 2017 Star Ratings and beyond HPMS Plan Preview and reminders Discussion:

659 views • 47 slides
REVERSE-ENGINEERING COUNTRY RISK RATINGS: A COMBINATORIAL NON-RECURSIVE MODEL Peter L. Hammer

REVERSE-ENGINEERING COUNTRY RISK RATINGS: A COMBINATORIAL NON-RECURSIVE MODEL Peter L. Hammer

REVERSE-ENGINEERING COUNTRY RISK RATINGS: A COMBINATORIAL NON-RECURSIVE MODEL Peter L. Hammer Alexander Kogan Miguel A. Lejeune Reverse-engineering Country Risk Ratings Importance of Country Risk Ratings Globalization Expansion and

767 views • 21 slides
1 Collaboration overview Established in 2015, the Certification and Ratings Collaboration is

1 Collaboration overview Established in 2015, the Certification and Ratings Collaboration is

1 Collaboration overview Established in 2015, the Certification and Ratings Collaboration is an effort among five global seafood certification and ratings programs to coordinate our tools and increase our impact so that more seafood producers

421 views • 12 slides
Security and Resilience Juan Torres, SNL April 21, 2016 Overview The &quot;Security and

Security and Resilience Juan Torres, SNL April 21, 2016 Overview The &quot;Security and

Security and Resilience Juan Torres, SNL April 21, 2016 Overview The &quot;Security and Resilience&quot; focus area has five main activities, based on the NIST cybersecurity framework, but expanded to all- hazards. Improve the Ability to

647 views • 6 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Secure Relocation: Understanding Data Security Dave Siegel Siegel

Secure Relocation: Understanding Data Security Dave Siegel Siegel

Secure Relocation: Understanding Data Security Dave Siegel Siegel Data Management (SDM) resources bring nearly 100 man-years of global business experience

519 views • 15 slides
Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical

Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical

NIST Cyber Security Framework &amp; Healthcare IT Security Clarksville, MD | 22 April 2016 | Annual Spring Conference Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical Strategist

523 views • 24 slides
Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1

Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1

8/22/2019 1 Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1 8/22/2019 How to Participate Today Audio Modes Listen using Mic &amp; S peakers Or, select Use Telephone

255 views • 23 slides
MEETING JUNE 8, 2016 AGENDA Call to Order and Welcome 9:00 Michelle Mills, Chair Old Business

MEETING JUNE 8, 2016 AGENDA Call to Order and Welcome 9:00 Michelle Mills, Chair Old Business

EHEALTH COMMISSION MEETING JUNE 8, 2016 AGENDA Call to Order and Welcome 9:00 Michelle Mills, Chair Old Business 9:05 Approval of Minutes New Business 9:10 Review and Discuss Use Case for Master Data Management Carol Robinson,

512 views • 29 slides
Higher Education Role in Securing Cyberspace Operations Research Education 2 Vision A digital

Higher Education Role in Securing Cyberspace Operations Research Education 2 Vision A digital

Higher Education Role in Securing Cyberspace Operations Research Education 2 Vision A digital economy enabled by a knowledgeable and skilled cybersecurity workforce. 3 Mission of NICE To energize and promote a robust network and an

644 views • 36 slides
Recommendations for Improved DIB Cybersecurity Dr. Eric Cole SVP &amp; CTO of the Americas

Recommendations for Improved DIB Cybersecurity Dr. Eric Cole SVP &amp; CTO of the Americas

Recommendations for Improved DIB Cybersecurity Dr. Eric Cole SVP &amp; CTO of the Americas eric_cole@mcafee.com April 7 th , 2010 About Dr. Eric Cole Previous Federal Cybersecurity Official (IC) Previous cybersecurity chief

93 views • 7 slides

More recommend