Governance & Risk Management

Giving Organizations a Security 'Score'

Sam Kassoumeh of SecurityScorecard Describes Ratings Service

The security of any organization can be rated based on careful research of information available on the public internet and the dark web, says Sam Kassoumeh, co-founder of SecurityScorecard.

The company offers a security ratings service that some clients are using to screen potential vendors, requiring them to achieve a certain score, he says in a video interview with Information Security Media Group at the recent Healthcare Security Summit in New York.

"You can think of it sort of like a credit assessment, but instead of looking at the financial health of a company we're looking at the security health of a company," he says. "The information is real time and it's nonintrusive. So you never have to ask permission. You can simply enter the name or the URL of any company in the world, and within a few seconds you receive back a comprehensive scorecard on that company's security health performance."

The company validates the authenticity of all the data it gathers on the internet and dark web, he explains.

In this interview, Kassoumeh describes:

  • The security rating process;
  • How security scores can change over time;
  • The role malware reverse engineering plays in helping track threats.

Kassoumeh is the COO and co-founder of SecurityScorecard. He formerly was head of security and compliance at Gilt and led global security at Federal-Mogul.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.
