A transparent view of cybersecurity risk
Overview
Our Scoring algorithm features a methodology in which scores are directly linked to security issues. You have full transparency into precisely how much specific issues impact your factor-level scores as well as your overall SecurityScorecard letter-grade rating. Scores in every letter grade are also more accurately correlated to the risk of a potential breach.
Scoring enables the Scorecard Event Log feature, which provides full visibility into issue-level details that drive score changes, and the Score Planner feature, which empowers you to take control of your scorecard by implementing an automated or customized action plan for score improvement to achieve your target letter grade.
Scoring delivers the most accurate, transparent, and fair security ratings available.
How It Works
The SecurityScorecard platform delivers a dynamic view of any organization’s security posture, updated daily to take the latest set of issues into account. The aggregated information is summarized based on a standard 0 to 100 measurement metric that maps to a simple color-coded letter grade. The highest letter grade is an “A,” which indicates a low number of recent security issues, followed by “B,” “C,” “D,” and “F,” as the number of threat indicators increases.
The scoring process starts with collecting data on security issues across ten risk factor categories (see General Explanation of Sources). For each set of issues within a factor, we look at the quantity, severity, and age of issues. We then calculate a score value for each issue type. These are then combined to calculate the factor-level score. The overall score and letter grade are based on factor scores, each of which has a specific weighting based on its contribution to security risk.
Scoring derives scores from the number of identified issues and the size of the company’s digital footprint. The algorithm calculates the mean and standard deviation of observed issue counts, then scores the company on how far its findings vary from what is expected for a company of its size, as informed by its digital footprint. The algorithm also calculates the expected impact of remediating a specific issue on the company’s overall score.
Please see our Scoring white paper for additional information.
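The size-relative scoring and remediation-impact calculation described above can be sketched as follows. This is an added illustration, not SecurityScorecard's algorithm or code: the peer issue counts, factor weights, baseline, points-per-deviation mapping, and grade cutoffs are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed peer data (not real measurements): issue counts observed at
# organizations in the same footprint-size bucket, per risk factor.
PEERS = {
    ("network_security", "small"): [2, 4, 4, 4, 5, 5, 7, 9],
    ("network_security", "large"): [20, 40, 40, 40, 50, 50, 70, 90],
    ("patching_cadence", "small"): [0, 2, 2, 2, 3, 3, 5, 7],
}
WEIGHTS = {"network_security": 3, "patching_cadence": 2}  # assumed weights
BASELINE, POINTS_PER_SIGMA = 80, 10                       # assumed mapping
GRADES = [(90, "A"), (80, "B"), (70, "C"), (60, "D")]      # assumed cutoffs

def factor_score(factor, size, issue_count):
    """Score a factor by how far the issue count deviates from the count
    expected for organizations with a footprint of this size."""
    peers = PEERS[(factor, size)]
    sigma = pstdev(peers) or 1.0  # identical peers: avoid division by zero
    z = (issue_count - mean(peers)) / sigma
    return max(0.0, min(100.0, BASELINE - POINTS_PER_SIGMA * z))

def overall_score(size, issues):
    """Weighted average of factor scores; issues maps factor -> count."""
    total = sum(WEIGHTS[f] * factor_score(f, size, n) for f, n in issues.items())
    return total / sum(WEIGHTS[f] for f in issues)

def grade(score):
    """Map a 0-100 score to a letter grade using the assumed cutoffs."""
    return next((g for floor, g in GRADES if score >= floor), "F")

def remediation_impact(size, issues, factor, fixed):
    """Expected change in overall score if `fixed` issues are resolved."""
    after = dict(issues, **{factor: max(0, issues[factor] - fixed)})
    return overall_score(size, after) - overall_score(size, issues)

if __name__ == "__main__":
    org = {"network_security": 9, "patching_cadence": 5}
    before = overall_score("small", org)
    gain = remediation_impact("small", org, "network_security", 4)
    print(f"before: {before:.1f} ({grade(before)})")
    print(f"after fixing 4 issues: {before + gain:.1f} ({grade(before + gain)})")
    # Same raw count on a larger footprint falls below the expected count.
    print(factor_score("network_security", "large", 9))
```

The same nine issues score differently for the small and large footprint because each is compared against the mean and standard deviation of its own size bucket.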
Getting Started
- Use the Score Planner feature to automatically generate a detailed plan for specific issue remediation to achieve your target letter grade.
  - See the minimum number of issues you must remediate to attain your desired score improvement.
- Use the Scorecard Event Log feature to identify issue changes that have had a positive or negative effect on factor score and overall grade changes.
  - Create audit reports that list resolved issues and the impact these remediations had on scores.
- Access granular data to better inform compliance framework mappings.
Benefits
- Accurate, transparent, and fair scores
- A level playing field for your organization, regardless of size
- Ability to precisely calculate the impact of specific issue remediation on your score
- Insight to resolve the issues that will have the greatest impact on your score
- Access to value-add features: Score Planner and Scorecard Event Log