This August, BitSight announced the release of several new risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. BitSight chose those new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture.
As your vendor ecosystem scales, your vendor risk management strategy needs to scale with it, and monitoring evolving risk across your portfolio of vendors becomes an increasingly difficult challenge. We are pleased to announce the release of two new alert types to help you stay up to date with the latest security ratings changes: Risk Vector Grade alerts and NIST Cyber Security Framework (CSF) Grade alerts.
BitSight alerts monitor your vendor portfolio for changes based on your risk appetite and alert preferences. We recommend that you tier your vendor portfolio by business function criticality and set unique alert preferences for each tier. For example, you may have a low risk appetite for your Tier 1 vendors, who store customers’ personally identifiable information (PII). You can then use Risk Vector Grade alerts and set alert preferences to receive decrease alerts when grades go below a “B” and critical decrease alerts when grades go below a “C.” As vendor tier risk appetite increases, alert preference stringency decreases.
Once set, use alerts to drive vendor risk strategy and trigger actions based on alert notifications. A decrease alert may serve as notification for a Risk Analyst to begin an external investigation, whereas a critical decrease alert requires immediate contact and extending vendor access directly to the BitSight portal.
Similar to the Risk Vector Grade alerts, the NIST/CSF notifications alert users when a vendor’s CSF grade has decreased to a pre-established threshold.
These important new alerts help provide a more comprehensive picture of your organization’s security controls and policies. As a key part of your vendor risk management strategy, BitSight Security Ratings’ Risk Vector Grade alerts allow your vendor risk management program to grow as the spectrum of risk increases. BitSight is leading the way in the Security Rating Services industry to provide this granular detail to better equip your security team to reduce risk.