| 摘要 |
Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score. |
| 主权项 |
1. A method for improving an entity's cybersecurity risk using a cybersecurity risk assessment portal, the method comprising:
receiving, via a cybersecurity risk assessment portal operating on one or more machines, a request to calculate an entity's cybersecurity risk based, at least in part, on a first set of attributes of the entity, the first set of attributes comprising one or more of an identity of the entity, a number of employees of the entity, an industry in which the entity operates, and an identification of one or more of the entity's competitors; identifying, based on the first set of attributes, one or more data sources from which to collect one or more types of data relating to the entity's cybersecurity; calculating a cybersecurity risk score for the entity based on data collected from the one or more data sources; transmitting, in response to the request, via the cybersecurity risk assessment portal operating on the one or more machines, the calculated cybersecurity risk score. |
