“Cybersecurity posture” refers to an assessment of the strength of your organization’s cyber-defenses in protecting online assets from those who wish to harm them. Your cybersecurity posture assessment should measure cyber-defenses holistically across a broad range of technical and operational considerations.
A formalized approach to the cybersecurity posture assessment helps your organization measure incremental improvements to a cybersecurity program over time. Automated cybersecurity posture assessment ensures proper cyber-protections are in place to protect cyber-assets for you and your ecosystem partners.
For related information, see How do I perform a vendor risk assessment?
Key factors for assessing cybersecurity posture
There is no single method for determining your cybersecurity posture. An effective cybersecurity program will include a broad range of controls that span across people, process, and technology considerations. Many controls can be measured in an automated and repeatable way. Some controls are not easily measured but can be surfaced by other data collection and analysis methodologies. Key factors include the ability to measure risk through:
- Validating that proper cybersecurity controls are in place
- Determining if cybersecurity controls are properly configured
- Ensuring that vulnerabilities in cybersecurity controls are addressed
- Assessing additional indicators of cybersecurity risk
Tip: Your assessment should include application security, endpoint security, network security, patching cadence, and access controls. You also should look at external risk factors such as IP reputation and hacker chatter.
Improving ecosystem cybersecurity posture
Many successful businesses rely on a network of supplier and partner companies, or a partner “ecosystem”. A breach of a partner company can significantly impact the reputation and success of your own organization. Unfortunately, many organizations ignore the need to determine the security posture of their partner companies. In many cases, organizations are compelled, either by internal or external requirements, to ensure their partner companies meet specific information security objectives.
Your organization should work to ensure partner companies have an adequate cybersecurity posture to minimize the risk of a successful, potentially devastating, cyber-breach.
Note: Seventy-five percent of recent breaches emanate from third-party cybersecurity weaknesses.
How SecurityScorecard helps you reduce risk
SecurityScorecard helps you assess your own cybersecurity posture and that of your business partners and other companies of interest. Using the SecurityScorecard dashboard, your organization can quickly assess the external security posture of organizations of interest across 10 key risk factors. You can learn of specific issues uncovered by SecurityScorecard that impact your security posture and that of companies in your ecosystem.