Business ecosystems multiply cyber risks. 63% of breaches originate from hacked third parties(*)
NormShield rates third-party risks and assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and quantifies probable financial impact to communicate risks in business terms.
3D Vendor Risk @ Scale℠
NormShield’s vision is to give a complete risk picture of a vendor by providing NormShield Cyber Risk Scorecards (technical), Shared Assessments’ SIG Questionnaire (policies and processes) and FAIR results (the probable impact in financial numbers).
The NormShield cyber risk scorecards enable organizations to monitor their third parties' cyber risk posture and perform a non-intrusive 60-second cyber risk assessment of their suppliers. Executives get easy-to-understand scorecards with letter-grade scores, and IT security teams can drill down to the technical details in each risk category.
Risk in Financial Terms
NormShield uses the FAIR model to calculate the probable financial impact (risk) to an organization if a cyber event were to occur, so that the organization can achieve and maintain an acceptable level of loss exposure cost-effectively. FAIR has become the only international standard Value at Risk (VaR) model for cybersecurity and operational risk.
Questionnaire & Compliance Correlation
NormShield correlates findings to industry standards and best practices. The classification allows you to measure the compliance level of the target company for different regulations and standards including NIST 800-53, ISO27001, PCI-DSS, HIPAA, GDPR and Shared Assessments.
Improve cyber risk assessment
Questionnaire-based risk assessment strategies are time-consuming and labor-intensive. They do not provide a complete picture due to lack of external assessment and are limited to a snapshot of the risk at a given time. Improve your cyber risk assessment with NormShield’s automatic, continuous cyber risk assessment of all your third parties.
Identify the riskiest third parties
Prioritize third parties by technical cyber risk score, compliance level, or probable financial impact resulting from a breach. NormShield’s easy-to-understand reports help you to identify the riskiest vendors according to the most relevant criteria and take action to limit risks.
Evaluate. Remediate. Verify.
NormShield provides cyber risk scores to help executives understand cyber security posture and scale return on cyber security investments, and provides detailed technical data and recommendations to help security information personnel remediate issues and mitigate cyber risks.
NormShield provides a shared responsibility platform for both corporate executives and third parties to work together to mitigate cyber risks and eliminate false positives. NormShield SOC analysts review the changes and revert them if users are eliminating findings incorrectly.
(*) “Data Risk in the Third-Party Ecosystem”, Ponemon Institute, 2018.