Cybersecurity, Risk Management

Giving Organizations a Security 'Score'

Sam Kassoumeh of SecurityScorecard Describes Ratings Service

The security of any organization can be rated based on careful research of information available on the public internet and the dark web, says Sam Kassoumeh, co-founder of SecurityScorecard.


The company offers a security ratings service that some clients are using to screen potential vendors, requiring them to achieve a certain score, he says in a video interview with Information Security Media Group at the recent Healthcare Security Summit in New York.

"You can think of it sort of like a credit assessment, but instead of looking at the financial health of a company we're looking at the security health of a company," he says. "The information is real time and it's nonintrusive. So you never have to ask permission. You can simply enter the name or the URL of any company in the world, and within a few seconds you receive back a comprehensive scorecard on that company's security health performance."

The company validates the authenticity of all the data it gathers on the internet and dark web, he explains.

In this interview, Kassoumeh describes:

  • The security rating process;
  • How security scores can change over time;
  • The role malware reverse engineering plays in helping track threats.

Kassoumeh is the COO and co-founder of SecurityScorecard. He formerly was head of security and compliance at Gilt and led global security at Federal-Mogul.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.



