Subscribe

How to use security ratings to manage risk

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 21 May 2019

It's as important to establish the right metrics for a security programme as it is to establish such a programme in the first place.

This is where security ratings come in. They help to manage cyber risk in any inter-organisational interaction where transparency has historically been lacking.

That's according to Russell Budworth, sales director of BitSight Technologies, who will be speaking at the ITWeb Security Summit, to be held from 27 to 31 May at the Sandton Convention Centre.

BitSight is a Boston-based cyber security ratings company that analyses companies, government agencies, and educational institutions and rates their cyber security performance.

Security ratings can be defined as a data-driven, objective and dynamic measurement of a business' security performance. The right tools address a variety of critical, interconnected internal and external use cases at scale in order to enable more effective decision-making throughout the global business ecosystem.

That's according to Russell Budworth, sales director of BitSight Technologies, who will be speaking at the ITWeb Security Summit, to be held from 27 to 31 May at the Sandton Convention Centre.

BitSight is a Boston-based cyber security ratings company that analyses companies, government agencies, and educational institutions. Its ratings platform is the most widely adopted in the world.

Budworth says BitSight's ratings are derived from objective, verifiable information and provide a data-driven and dynamic measurement of an organisation's security performance.

"Security ratings are useful in dealing with the many risk management challenges facing organisations today. They include evaluating and continuously monitoring cyber risk posed by third parties, measuring one's own security performance and benchmarking that against peers or competitors, as well as communicating security performance effectively with senior executives and board members."

He says currently, businesses struggle to effectively manage cyber risk in their supply chain. For years, organisations spent time building security programmes focused on protecting internal assets, while ignoring the growing risk presented by outsourcing and digital transformation.

"Businesses must think of building security programmes that effectively manage both internal and external risks."

Delegates attending his talk - Security ratings: Enabling organisations to focus on measurable cyber risk reduction - will learn about new requirements to manage third party risk, as well as the role that technology can play in addressing some of these challenges.

Share