Research into an Information Security Risk Rating
The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals:

Existing risk management techniques are based on annual audits and only provide a snapshot of a partner's security posture. However, new vulnerabilities are discovered every day and the industry needs a solution that enables a business to continuously monitor changing risk posture of all its partners and proactively manage assumed risks. The Phase II research objective is to build a scalable fully-automated ratings system. The research will focus on identifying and incorporating new data sources, improving the statistical properties of the ratings model, and making the ratings predictive of future behavior.

Historically, credit scoring has been a "cost and time-saving technology" that has provided tremendous value to lenders and borrowers alike by reducing costs, predicting future performance, and improving credit accessibility and affordability. Unlike credit scoring, no industry standard scoring service exists to rate businesses with respect to their information security risk. With Saperix's ratings service, businesses and government will have the potential to reap the same time and cost savings that lenders do from credit scoring services. If the research is successful, Saperix's solution would provide market incentives for improving security outcomes, which would be a significant change in how security investments are viewed by businesses.

I have no idea if this is snake oil or if it actually works, but note that this is a Phase II award. There was already a Phase I award, and the NSF must have liked the results from that. ...
Source: Schneier on Security - Wednesday, 25 January