Giving Organizations a Security 'Score'
Sam Kassoumeh of SecurityScorecard Describes Ratings Service
The security of any organization can be rated based on careful research of information available on the public internet and the dark web, says Sam Kassoumeh, co-founder of SecurityScorecard.
The company offers a security ratings service that some clients are using to screen potential vendors, requiring them to achieve a certain score, he says in a video interview with Information Security Media Group at the recent Healthcare Security Summit in New York.
"You can think of it sort of like a credit assessment, but instead of looking at the financial health of a company we're looking at the security health of a company," he says. "The information is real time and it's nonintrusive. So you never have to ask permission. You can simply enter the name or the URL of any company in the world, and within a few seconds you receive back a comprehensive scorecard on that company's security health performance."
The company validates the authenticity of all the data it gathers on the internet and dark web, he explains.
In this interview, Kassoumeh describes:
- The security rating process;
- How security scores can change over time;
- The role malware reverse engineering plays in helping track threats.
Kassoumeh is the COO and co-founder of SecurityScorecard. He formerly was head of security and compliance at Gilt and led global security at Federal-Mogul.