Hi [[ session.user.profile.firstName ]]

Security Ratings: A Big Data Approach to Measuring and Mitigating Security Risk

The increasing volume of breaches we hear about in the news highlights the challenge risk managers face in working to address cyber risk. Current assessment methods, while insightful, are inadequate due to the pace at which security postures change, leaving organizations vulnerable and exposed in the blink of an eye. In order to truly reduce security risk, managers need more insight and better tools that allow for continuous visibility into the ever-changing network environments they are administering.

Join Stephen Boyer, CTO and co-founder of BitSight Technologies, and Oliver Brew, Vice President of Professional Liability at Liberty International Underwriters (LIU) for this webinar to discover:

- Why measuring security risk is difficult and how some assessment methods leave organizations vulnerable to threats and financial loss

- How forward-looking organizations are using Big Data to reduce risk, increase transparency and address new regulatory requirements

- Case Study: How LIU is using Security Ratings to mitigate risk
Recorded Apr 17 2014 46 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Stephen Boyer of BitSight Technologies and Oliver Brew of Liberty International Underwriters
Presentation preview: Security Ratings: A Big Data Approach to Measuring and Mitigating Security Risk

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • How To Gain Actionable Insight Into Cyber Risk With Security Ratings Sep 29 2016 5:00 pm UTC 60 mins
    Ira Scharf, GM of Worldwide Insurance, BitSight, Dave Bradford, President, Advisen
    With so many different cyber risk metrics being used, how can cyber insurance underwriters and risk managers know how likely a company is to experience a data breach?

    Join Ira Scharf, GM of Worldwide Insurance at BitSight, and Dave Bradford President, Research and Editorial at Advisen as they discuss new correlations between BitSight Security Ratings and data breaches.

    Attendees will learn:

    - Why security ratings are a clear indicator of cyber risk
    - How likely companies with BitSight ratings of 400 or below are to experience a data breach
    - How underwriters, policyholders, and applicants can use BitSight Security Ratings to lower their cyber risk
  • Exploring The Latest Cybersecurity Trends In Major Industries Sep 21 2016 3:00 pm UTC 60 mins
    Jay Jacobs, Senior Data Scientist
    In 2015, large-scale data breaches have hit all industries, leading to millions of compromised records. According to the Identity Theft Resource Center, there were 780 data breaches in which 177,866,236 records were compromised. While no industry is immune to data breaches, some are more prepared than others.

    In this webinar, Jay Jacobs, Senior Data Scientist at BitSight explains how security posture differs in the following industries: Finance, Retail, Energy and Utilities, Healthcare, Education, and Federal Government. This webinar will highlight new findings on:

    - The types of vulnerable services running on corporate networks
    - The percentage of companies using the latest certificates to implement HTTPS, and whether companies are implementing these certificates correctly
    - How frequently industries tend to remediate vulnerabilities on their networks
    - The aggregate BitSight Security Rating for each industry
  • Managing Cyber Risk From Third Party Contractors Aug 30 2016 3:00 pm UTC 60 mins
    Jake Olcott
    Many recent data breaches have exploited security weaknesses in the networks of third parties to attack businesses. With supply chains growing and business functions increasingly outsourced, the number of third party organizations with access to your company’s most sensitive data has increased dramatically. How should organizations assess and manage the cyber risk by their vendors and suppliers? What kinds of policies and controls should organizations put in place in order to mitigate third party cyber risk? How can organizations continuously monitor the cybersecurity performance of their critical vendors in real time?

    Getting familiar with third party cyber risk management best practices and industry standards is a good start towards mitigating cyber risk for your organization. Join Jake Olcott, VP of Business Development as he discusses these topics and more.
  • Tips and Tricks For Tackling Vendor Risk Recorded: Aug 11 2016 48 mins
    Andrew Calo, Manager of Technology Risk
    With so many moving parts pushing an organization forward, companies today must know who has access to their data—making vendor risk management (VRM) a critical business practice. Unfortunately, not all organizations have the resources to staff full-time vendor risk managers. Security professionals now must wear multiple hats in order to reduce operating risk for their organizations. Even if vendor risk management isn’t a primary focus, there are techniques and tools security professionals can implement to make it an efficient and valuable process for your company.

    In this webinar, join Andrew Calo, Manager of Technology Risk at BitSight as he offers tips and techniques to efficiently manage and assess vendor risk. Attendees will learn about:

    -Basic questions you need to ask all vendors
    -The top risk vectors and configurations to look at it
    -The value and impact of continuous risk monitoring software
  • From Signal to Action: Security Metrics that Drive Business Decisions Recorded: Jul 28 2016 42 mins
    Stephen Boyer, Jay Jacobs
    How can companies effectively measure their company’s risk of a data breach? Which security metrics are most important when it comes to determining cyber risk? How do different types of security compromises, whether botnet infections or brand name SSL vulnerabilities, contribute to an organization’s risk profile?

    In this presentation, BitSight’s Chief Technology Officer Stephen Boyer and Senior Data Scientist Jay Jacobs answer these questions and more. This data-driven webinar will highlight the extensive analysis that the BitSight Data Science team undertakes to make security signals into concrete risk mitigation actions. Perhaps most importantly, the speakers will give guidance on how security and risk professionals at every level - from the board room to the server room - can drive positive change throughout their organizations.
  • Global Security Performance: How Top Nations Stack Up Recorded: Jul 12 2016 54 mins
    Stephen Boyer, CTO and CoFounder BitSight
    How do some of the most prominent nations in the international economy differ in cybersecurity performance? As organizations increasingly open offices abroad, their networks face global security threats.

    In its latest research report, BitSight studied the security performance of companies with more than 50% of their IP space in the following countries: The United States, United Kingdom, Germany, Brazil, China, and Singapore.

    Join Stephen Boyer, CTO and CoFounder of BitSight as he takes a deep dive into the threat landscape that organizations face in each of these nations.

    Viewers will learn:

    ● Why companies in some nations tend to be more or less secure than others

    ● How global companies deal with threats such as botnet infections, SSL attacks, and Spam propagation.

    ● What businesses with a large global presence can do to mitigate cyber risk across their ecosystem.
  • Managing Fourth Party Cyber Risk With BitSight Discover Recorded: Jun 23 2016 24 mins
    Matt Cherian, Director of Product Management & Customer Operations
    In recent years, organizations’ dependency on cloud service providers, web hosting platforms, and other cloud services has increased. Many companies now rely on cloud technologies for critical services, making them vulnerable to single points of failure in their supply chains. A data breach originating from a service provider may affect multiple organizations across different industries. Many of your company’s vendors may rely on certain cloud service providers. What risk does this pose to your organization?

    In this webinar, Matt Cherian, Director of Product Management & Customer Operations at BitSight will discuss:
    - Why organizations need to identify and monitor fourth party connections as64 they transition to the public cloud and digital systems
    - Which industries could be most impacted by service provider outages and which of these industries rely on obsolete software
    - How BitSight Discover can help enterprises mitigate operational and cyber risk
  • How The CISO For Fannie Mae Monitors The Security Of Third Parties Recorded: Jun 16 2016 60 mins
    John Pescatore, Chris Porter
    Many recent breaches have exploited security weaknesses in third party vendors and suppliers to attack business and government agencies. In this webinar, the Deputy CISO at Fannie Mae details his experience using BitSight Security Ratings to assess the cybersecurity level of third party business partners and vendors, as well as using BitSight for ongoing monitoring of externally visible signs of lapses in security levels. This presentation will contain a discussion of lessons learned and best practices as well as detail the metrics used to demonstrate the business value gained by a repeatable and ongoing approach for monitoring third party security levels.
  • Cyber Lay Of The Land: What The Numbers Tell Us Recorded: May 26 2016 61 mins
    Jay Jacobs, Aloysius Tan, Chad Hemenway
    What were the overall trends in cyber breaches, and what does this mean for organizations and the third party vendors with whom they work?

    In this webinar, Advisen, an insurance analytics firm, will analyze cyber breaches and identify ebbs and flows throughout 2015 and into 2016. Panelists will then take the unprecedented step of correlating the data Advisen and Bitsight possess to take an even deeper dive to find possible threats to an organization’s cybersecurity — giving all stakeholders greater visibility into the cyber posture of organizations as well as their third party vendors.

    Panelists

    Jay Jacobs, Senior Data Scientist, BitSight
    Aloysius Tan, Product Manager, Advisen
    Chad Hemenway, Managing Editor, Advisen (moderator)
  • Vendor Risk Management: Trends and Market Maturity Recorded: May 10 2016 41 mins
    Stephen Boyer, CTO and CoFounder BitSight
    How do organizations assess and manage the security risk by their vendors and suppliers? What kind of programs to organizations have in place to manage risk, and how mature are these programs?

    In this webinar, Stephen Boyer, CTO and CoFounder of BitSight and Joyce Chutchian, Senior Managing Editor, IDG Enterprise discuss recent survey data on the maturity of vendor risk management programs. This presentation will provide an in-depth analysis of which methods are being used by organizations in order to mitigate third party risk.

    Attendees will also learn:

    - Why vendor risk management is becoming a standard business practice
    - About the challenges organizations face in building a formalized vendor risk program
    - How continuous monitoring solutions and security ratings can help bolster vendor risk management programs
  • Building An IT Vendor Risk Management Program Recorded: Apr 28 2016 58 mins
    Mike Rothman, Securosis | Tom Turner, BitSight
    Recent high profile data breaches have made it obvious that organizations often underestimate the risk their vendors present, and struggle to evaluate third party cyber risk.

    In this webinar Mike Rothman, Analyst & President of Securosis, and Tom Turner, President and COO of BitSight describe how organizations can build a systematic means to evaluate their IT risk presented by business partners and vendors.

    Viewers will learn about:

    - Understanding Third Party IT Risk
    - Structuring Vendor Risk Management Programs
    - Evaluating Vendor Risk
    - Ongoing Vendor Monitoring and Communication
  • Real-time Remediation: Identifying and Addressing Infections with BitSight Recorded: Apr 21 2016 27 mins
    Payal Mehrotra, BitSight Product Manager
    Infections are a growing threat to business networks. Symantec recently noted that over a million new malware threats are released every day. This leaves companies searching for solutions to prevent infections before they occur - and identify infections that do happen to infect company devices.

    Join Payal Mehrotra, BitSight Product Manager, for this webinar to learn how security programs can leverage the BitSight platform to identify and remediate infections on their network, including spam, botnets and malware. She will give an overview on how BitSight identifies infections and how alerts and forensics can help organizations detect and remediate issues as they occur.
  • How To Present Cybersecurity To The Board Recorded: Mar 22 2016 61 mins
    Richard Clarke, Jasper Osstenjuk, Jake Olcott
    Cybersecurity is now a #1 concern for board members. What should they know? How should it be presented?

    Richard Clarke knows. As a senior White House advisor to four U.S. Presidents, a member of three corporate boards, and CEO of Good Harbor Security Risk Management, he’s talked cybersecurity in the Situation Room and the boardroom.

    Jasper Ossentjuk also knows how to present cybersecurity in the boardroom. As SVP and CISO for TransUnion, Jasper regularly presents information to his Board about his organization's security posture.

    On March 22 at 2PM ET, join Richard and Jasper for a discussion of:

    - What cybersecurity metrics and measurements are most important for the board
    - Methods for security leaders to communicate security issues across the enterprise
    - How to graphically represent your cybersecurity program
  • The Aggregate Cyber Risk Landscape Recorded: Mar 15 2016 28 mins
    Jay Jacobs, Ira Scharf
    The transition to large scale outsourcing among large and mid-sized companies has increased the number of fourth party connections and the dependency on cloud service providers, web hosting platforms, and other cloud services. As companies rely on a handful of service providers, they become vulnerable to single points of failure in their supply chains. Cyber criminals may be able to breach multiple organizations across different industries through a single attack on a service provider.

    Today, insurance companies lack sufficient visibility into the level of concentration of third party cloud providers in their book of business. To successfully assess and mitigate this level of cyber risk aggregation insurers must identify areas of third party concentration in their portfolios, where a single breach of a compromised service provider could lead to dozens or hundreds of cyber claims.


    Join Jay Jacobs, Senior Data Scientist and Ira Scharf, GM of Worldwide Insurance at BitSight on March 15 at 2:30 PM for a discussion of:

    - Why organizations need to be aware of fourth party connections as they transition to the public cloud and digital systems
    - Which industries could be most impacted by service provider outages and which of these industries rely on obsolete software
    - How insurers will approach cyber risk aggregation
  • Mitigating Cyber Risks With Security Ratings: University of Arizona Case Study Recorded: Feb 23 2016 48 mins
    Stephen Boyer, Chris Schreiber
    The Higher Education sector is a large target for cyberattacks because of their research in science and technology that can be leveraged for commercial gain. However, colleges and universities often have unique requirements and specific challenges to securing their networks.

    In this webcast Stephen Boyer, of BitSight Technologies and Chris Schreiber of University of Arizona discuss:

    - The specific challenges that universities and colleges face in mitigating cyber risk
    - How threats like peer to peer file sharing present greater risk to this sector
    - How universities can use BitSight Security Ratings to mitigate cyber risk and improve their security posture
  • Essential Components of a Vendor Risk Management Program Recorded: Feb 9 2016 57 mins
    Jake Olcott, VP at BitSight
    Understanding the cybersecurity posture of vendors, suppliers, and third-parties is now a necessity for businesses in all industries. Yet, many businesses do not have a formalized vendor risk management program. There are multiple components needed to create a comprehensive vendor risk management program. These span governance and control, as well as security controls and technology.

    Join Jake Olcott, VP at BitSight on February 9 as he highlights best practices and industry standards for vendor risk management programs. Attendees will learn:

    - Which frameworks and methodologies can help get you started
    - Vital questions you should be asking your vendors
    - Why continuous monitoring and verifying vendor security is crucial to mitigate cyber risk
  • Why Vendor Risk Management Should Be A Top Priority In 2016 Recorded: Jan 27 2016 28 mins
    Benjamin Fagan
    Many recent data breaches have exploited security weaknesses in third-party vendors to attack businesses. As supply chains grow and business functions increasingly get outsourced, the amount of data given to third parties has increased.

    In this webinar, Benjamin Fagan, Product Marketing Specialist, will discuss why vendor risk management should be a top priority for your business. Additionally, he will discuss how BitSight can help manage the cyber risk of your vendors.
  • Peer To Peer Peril: How File Sharing Impacts Security Performance Recorded: Jan 14 2016 39 mins
    Mike Woodward, Program Director of Data
    While many businesses these days have policies in place that prohibit employees from peer to peer file sharing in the office, this activity occurs on a significant percentage of company networks. Beyond the dangers of downloading copyrighted material and breaking corporate policies, employees that engage in peer to peer file sharing could be bringing malware onto corporate networks without their knowledge.

    BitSight recently observed the use of the BitTorrent protocol for over 37,000 entities and found that over 40% of torrented applications contain malicious software. Join Mike Woodward, Program Director of Data as he explains:

    - the correlation between BitTorrent activity and botnet infections
    - the percentage of torrented applications that contain malware
    - which industries face the greatest challenges with peer to peer file sharing
  • Trust, But Verify: The Evolution of Vendor Risk Management in Finance Recorded: Dec 17 2015 37 mins
    Stephen Boyer, CTO and Cofounder BitSight
    Vendor risk management has long been an area of concern for Financial Institutions. Regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews of the past will no longer be sufficient in today's environment.

    In this presentation Stephen Boyer, CTO, and Cofounder of BitSight Technologies will explore:

    - The evolving regulatory landscape regarding Vendor Risk Management and the practices organizations are adopting to meet these more stringent demands.
    - Why continuous monitoring of vendor security performance is both critical and achievable, through the use of data-driven, evidence-based security ratings
    - How a global financial services firm is transforming the way they select and interact with vendors and suppliers, detailing their own industry-leading practices in VRM and how the use of security performance ratings is allowing them to harden their extended enterprise.
  • Cybersecurity and Investors Recorded: Oct 26 2015 49 mins
    Jacob Olcott, Vice President, BitSight, Nell Minow
    There’s no doubt that cyber attacks cause real financial harm to businesses. Money can be stolen, business operations disrupted. Cyber theft can provide international competitors with years worth of valuable intellectual property or trade secrets virtually overnight, jeopardizing current and future market opportunities. Cyber attacks can seriously damage an organization’s reputation with customers and result in legal liability for the company, executives, and board members.

    As companies race to protect themselves, how do investors know if the organizations they are investing in are secure?

    Join Jacob Olcott, VP at BitSight, and Nell Minow, corporate governance expert and co-founder of Institutional Shareholder Services (ISS), for a discussion of key issues, including:

    -How investors assess cybersecurity in the M&A diligence process

    -What institutional shareholders want to know about cyber risks to their investments

    -How shareholders can meaningfully engage with companies on cybersecurity
Find Out How Security Ratings can Reduce Your Company's Risk.
The BitSight Security Rating Platform gathers terabytes of data on daily security outcomes from hundreds of sensors deployed across the globe.

All of the data is externally available and collected without any intrusive testing. Data is classified into several risk categories, including botnets, spam, malware, unsolicited communication, DDoS, and system configuration, and then mapped to an organization's known networks.

BitSight’s sophisticated algorithms analyze the data for severity, frequency, duration, and confidence to create an overall rating of that organization’s security performance.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Security Ratings: A Big Data Approach to Measuring and Mitigating Security Risk
  • Live at: Apr 17 2014 4:00 pm
  • Presented by: Stephen Boyer of BitSight Technologies and Oliver Brew of Liberty International Underwriters
  • From:
Your email has been sent.
or close