Policy Insights - SecurityScorecard

Partnering to raise the bar on cybersecurity with security ratings.

Transforming the way organizations understand, mitigate, and communicate cybersecurity risk.

  • The SEC's Evolving Approach to Cyber Risk Management

    The U.S. Securities & Exchange Commission recently proposed rules to strengthen the ability of public companies, funds, and advisors to combat cybersecurity threats and implement risk mitigation processes.

    Here’s a sample of SecurityScorecard’s discussion of the proposed rules, and why they matter, with Kristy Littman, Chief of the Crypto Assets and Cyber Unit at the U.S. Securities and Exchange Commission; Michael Daniel, President & CEO of the Cyber Threat Alliance; and Friso van der Oord, Senior Vice President, Content, at the National Association of Corporate Directors.

  • Security Ratings Quantify Cyber Risk

    The U.S. House of Representatives’ Committee on Homeland Security entered research by SecurityScorecard into the congressional record at a joint hearing, “A Whole-of-Government Approach to Combatting Ransomware: Examining DHS’s Role.”

    The report from SecurityScorecard used machine learning across 10 different factors to correlate them with the relative likelihood of a ransomware attack. Subsequently, SecurityScorecard developed a more sophisticated machine learning model that estimates the relative likelihood of a company falling victim to a ransomware attack, based on non-intrusive observations of its cybersecurity posture. The predicted likelihood could be used to warn at-risk organizations and to assist insurance carriers offering cyber-insurance policies.

  • Fireside Chat with N.Y. Department of Financial Services' Cyber Chief

    In a Feb. 2 webinar, SecurityScorecard hosted Justin Herring, Executive Deputy Superintendent, Cybersecurity Division of the New York Department of Financial Services (DFS), and Luke Dembosky, Partner and Co-Chair of the Data Strategy & Security practice at Debevoise & Plimpton, to discuss DFS’s top cybersecurity priorities this year, current enforcement and examination trends, and the regulatory environment around cybersecurity in 2022.

    In this conversation, Mr. Herring, the first Executive Deputy Superintendent of Cybersecurity at DFS, described the Cybersecurity Division’s aim to protect consumers and industries from cyber threats, including its recent adoption of security ratings to support its regulatory oversight.

  • Cybersecurity Information Sharing & Scorecards | WWD Weekly Digest

    In Jan. 2022, SecurityScorecard’s Vice President for Policy & Public Sector, Charlie Moskowitz, joined Water and Waste Senior Managing Editor Bob Crossen for a video interview on cybersecurity in the water sector. Together, they discussed recent Biden Administration regulatory action affecting the water sector, sector-wide cyber vulnerabilities, and the resource challenges small and rural community water utilities face in defending against online threat actors.

    Moving beyond the problems, Charlie also discussed two core solutions: continuous monitoring and information sharing, which help water utilities develop and raise threat awareness across the sector. He explained how a security ratings platform, like SecurityScorecard’s, can provide real-time, continuous monitoring to small and large water utility companies and help improve their overall cybersecurity.

  • Cybersecurity for the New Frontier: Reforming the Federal Information Security Management Act

    The U.S. House of Representatives Committee on Oversight and Reform included testimony from SecurityScorecard at a hearing titled, “Cybersecurity for the New Frontier: Reforming the Federal Information Security Management Act.”

    SecurityScorecard’s Statement for the Record advocated for Federal networks to include quantitative, data-driven metrics and real-time, continuous monitoring to build industry best practices into Federal network monitoring and risk management.

  • Log4j Vulnerability Technical Report

    The recently discovered security flaw in Log4j allows threat actors to achieve remote code execution (RCE), running commands of their choosing, on nearly any machine using Log4j.

    Read the report to find out what SecurityScorecard’s Research team found on the implications of this vulnerability and what organizations can do to combat it.

Hear From Our Customers

  • "The SecurityScorecard report does include several of the security measures required by the pipeline security directive. As such, TSA’s security directives and the implementation of required measures could be validated by the SecurityScorecard or similar tools to readily identify potential security gaps."

    David Pekoske, Administrator, Transportation Security Administration
  • "The emergence of security ratings has increased the use of cyber risk quantification to calculate and measure cyber risk exposure. These security ratings provide a starting point for companies’ cybersecurity capabilities and help elevate cyber risk to the level of board decision-making."

    Bob Kolasky, Assistant Director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency
  • "For even trusted sources, program managers should maintain continuous awareness of source compromises and be prepared to respond to sudden loss of trust in a repository."

    John B. Sherman, Chief Information Officer, Department of Defense
  • "Tools and services such as [security ratings], if in wider use, could better inform industry of certain vulnerabilities to act upon and decrease gaps in cybersecurity. These “scorecards” provide a rating of cybersecurity postures of corporate entities through a non-intrusive “outside-in” view of security metrics and cyber threat intelligence signals."

    Part of the House Committee on Homeland Security, TSA

SecurityScorecard stands with CISA and its partners in responding to ongoing Russian state-sponsored cyber activity in connection with Russia's attack on Ukraine.

For the latest from SecurityScorecard’s Global Investigations, see CISA’s “Shields Up Technical Guidance.”