SecurityScorecard Launches Project Escher to Aid Non-Profits With Vendor Risk Management
SecurityScorecard, a leader in vendor cyber risk rating, has announced an initiative to help non-profit organizations with third-party risk management. Named Project Escher, this initiative demonstrates SecurityScorecard’s commitment to the non-profit sector.
“At SecurityScorecard, we recognize that nonprofit organizations fulfill many essential roles in society, yet oftentimes do not have the resources to mitigate risk of cyber attack,” said Sam Kassoumeh, Co-founder & COO, SecurityScorecard. “Project Escher is dedicated to provisioning eligible nonprofit organizations with the knowledge and tools that are essential to improving their security posture and defending their cause against critical vulnerabilities. It’s time to change the status quo and ensure nonprofits are not obstructed from performing their vital work for the community.”
Participants in Project Escher are granted complimentary access to SecurityScorecard’s rating platform for up to five vendors.
As we describe in our research blueprint, Build a Vendor Security Assessment Service, cyber risk rating services can be fraught with false positives that detract from their value proposition. To take advantage of Project Escher, a non-profit organization (NPO) will need the technical resources to understand security rating reports and isolate false positives. That said, this is a very positive announcement from SecurityScorecard and is worth the attention of any NPO.
Want to Know More?
Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.
Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?
BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but are they barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.
Panorays has announced a partnership with Shared Assessments to provide Panorays customers with access to the Standard Information Standard (SIG) questionnaire. This is an innovative offering but may prove to be a mixed blessing.
SecurityScorecard Admits That Third Party Risk Management Is Hard and Announces Professional Advisory Services
SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.
RiskRecon and RSA have announced a partnership to bring RiskRecon’s third-party risk rating services to RSA’s Archer Governance, Risk and Compliance (GRC) system. This should be a welcome move for Archer customers.
BitSight, one of the leaders in cyber risk rating, has announced a new product to allow organizations to benchmark against their peers. Dubbed “Peer Analytics,” this service will interest companies where benchmarking is a compliance obligation.