Risk Assessments

 View Only

  • 1.  Third Party Security Ratings Companies

    Posted 12-02-2019 12:44 PM
    ​​Does anyone use or have opinions on Third Party Security Ratings Companies such as BitSight, Security Scorecard or Up guard?


  • 2.  RE: Third Party Security Ratings Companies

    This message was posted by a user wishing to remain anonymous
    Posted 12-02-2019 02:07 PM
    This message was posted by a user wishing to remain anonymous

    Hi.  Our Cyber group uses Bitsight.  I have no opinion, but I do include rating if we have to risk accept Cyber findings.

    Thanks.



  • 3.  RE: Third Party Security Ratings Companies

    Posted 12-03-2019 08:48 AM
    ​We are using Security Scorecard through Venminder services which gives us a monthly report on our most critical vendors. It's a lot of information to digest, but I use the rating trend as an indicator of potential issues. I do include that information in my risk assessments and I report any serious increase in risk rating to management; CIO, ISO, and business line owner.


  • 4.  RE: Third Party Security Ratings Companies

    This message was posted by a user wishing to remain anonymous
    Posted 12-03-2019 10:19 AM
    This message was posted by a user wishing to remain anonymous

    We chose BitSight over SS, and are pleased with it.  Their functionality continues to improve and they listen to their customers.


  • 5.  RE: Third Party Security Ratings Companies

    Posted 12-14-2019 12:20 PM
    RiskRecon is another competitor in that space. I would include them in an RFP.