Educause Security Discussion mailing list archives

Re: Cyber Security Scorecards


From: Kevin Reedy <kreedy () EXCELSIOR EDU>
Date: Tue, 20 Feb 2018 14:26:42 +0000

I've been 'graded' by BitSight - some of their metrics are great, while others are frustrating to say the least.  They 
pay Akamai and other advertising giants to get browser strings and link that back to your IPs, so you are getting hits 
on out-of-date iOS and Android on the guest network, etc.  They pay some of the larger DNS sinkholes to get data from 
there, which is at least actionable.

In the end I'm glad to not have to worry about the score, but if the market continues to grow it will impact the way 
guest wireless and testing machines are deployed - the response they gave me was to have a separate IP space for those 
items, which isn't ideal in most cases.

-Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Lovaas,Steven
Sent: Monday, February 19, 2018 9:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cyber Security Scorecards


We did go with BitSight, getting creative with funding to give better insight into our own risk profile for the variety 
of regulatory schemes. It's been a really nice tool for showing progress (and its lack) in a number of areas. I was 
able to get a bit more funding the second year to add some third-party evaluations as well, as we're beefing up our 
process of cloud vendor vetting.



Steve


================================
Steven Lovaas
University Information Security Officer
Colorado State University
steven.lovaas () colostate edu
970-297-3707
Against stupidity the gods themselves contend in vain.
================================
________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Madl, Michael <michael.madl () INDWES EDU>
Sent: Monday, February 19, 2018 5:52:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cyber Security Scorecards


We looked at BitSight.  Great product but cost was over 10K a year.  If I had the budget I would have definitely gone 
with them.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patrick 
McElhinney
Sent: Monday, February 19, 2018 12:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cyber Security Scorecards



Hi All,



We are starting to look at some options in the cyber scorecard space to try and get some extra inputs into our Vendor 
Risk Management processes.  Some of the players we are exploring include:

*         SecurityScorecard

*         BitSight Security Ratings

*         Upguard CyberRisk

*         FICO® Enterprise Security Score Profile (QuadMetrics)



Has anyone else dipped a toe into this market and have any recommendations, or Pros\Cons on any of the players in the 
market?



With Thanks,



Patrick



PATRICK McELHINNEY
Senior Security Specialist
IT Services - Resources Division
The University of Newcastle (UoN)
University Drive
Callaghan NSW 2308
Australia

CRICOS Provider 00109J


