
Twenty-Four Seven Security

Peter Schooff

Rating Security Risk Like Credit Risk


Moody's, well known for rating companies' credit risk, has undertaken an initiative to start rating vendors' security risk. This is intended to take the place of the often exhausting (for both the company and the vendor) and incomplete efforts of an extensive security assessment.

According to CSO Online, the Vendor Information Risk Rating Service will provide a ranking between 1 and 5 (with 1 the best), with scores based on 11 different categories such as access control, business continuity and data security.

It seems to me that this is certainly something that could be standardized, as most security assessments are trying to spotlight the same things. At this point, the business model is not yet set in stone, but Moody's intends to charge companies $23,000 to be assessed, and on the other side, ask subscribers to pay around $1,500 per report.

Of course, for such a system to work, Moody's would have to persuade enough companies to subscribe (early interest would be in the financial sector), which would in turn create a demand for companies to be assessed. Moody's is expected to introduce this service this week, so we will see.

1 Comment


Yes, Moody's has officially launched the service, as of today. For folks interested in learning more about the service, you can visit the web site at www.moodysriskservices.com. Our hope is that we can provide a valuable and cost-effective service that benefits both service providers and financial firms alike - and along the way help reduce information security/privacy risk throughout the industries we serve.

While we worked for several months with a number of large financial services infosec, risk mgmt and vendor personnel, we would welcome any comments, feedback, suggestions on the service so we can further continue to refine it to address aspects of info risk that we all think are important to understand and manage. There is an email listed on the website to do so, if you are inclined - and my email is provided above and on the site.


Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

Peter Schooff

Peter Schooff is Contributing Editor at ebizQ, and manager of the ebizQ Forum. Contact him at pschooff@techtarget.com
