Silicon Valley analytics firm FICO reports
its Enterprise Security Score performs twice as well as other scores at measuring the risk of an organization having a major data breach. The Score can be used by an organization, its partners and its insurers to measure cybersecurity effectiveness from an outside view.
FICO says a key effectiveness measurement of a predictive model is its dynamic range – the difference in outcome odds between the highest and lowest scores produced by the model. The models powering FICO Enterprise Security Score have a dynamic range of more than 11X, meaning the odds of a major breach are 11 times greater for the lowest-scoring organizations than for the highest-scoring organizations. This separation is more than twice as large as other scores in the market that have published results.
The FICO Enterprise Security Score helps enterprises vet the security risk of potential partners and monitor ongoing risk across an entire portfolio of existing partnerships. The results reflect the long-term stability of partners’ security practices, the effectiveness of security policies, and the condition of network assets. The scores are delivered with robust capabilities for ongoing management and benchmarking, including the ability to organize entities into portfolios, create peer groupings, and generate and route alerts for changing conditions or behaviors.
Unlike other solutions in the market, the FICO Enterprise Security Score is empirically derived, utilizing proven analytics best practices gleaned from 60 years as the premier provider of predictive scores, such as the market-leading FICO Score for consumer credit risk. For the Enterprise Security Score, FICO data scientists explore a deep pool of historical data and security breach exemplars to determine mathematical, causal relationships between network conditions, organizational behaviors, and negative outcomes.
FICO’s algorithm is built around an objective outcome that is forward-looking, geared to measure the risk of a major breach in the next 12 months, rather than simply assess current security posture. The score is delivered with reason codes, which allows scored organizations to quickly remediate the weakest parts of their infrastructure and actively work to remediate and improve scores over time.
For a complete archive of more than 70,000 articles published since 1995 search the CardFlash.com library