63% of breaches originate from hacked third parties(*)
NormShield® rates third-party risks and assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and quantifies probable financial impact to communicate risks in business terms.
3D Vendor Risk @ Scale ®
NormShield’s vision is to give a complete picture of a vendor’s risk by providing a technical report with letter grades, Shared Assessments’ SIG Questionnaire (policies and processes), and Open FAIR™ results (the probable financial impact).
NormShield® enables organizations to monitor their third parties’ cyber-risk posture and perform a non-intrusive 60-second cyber risk assessment of their suppliers. Executives get easy-to-understand letter-grade scores, and IT security teams can drill down to the technical details in each risk category.
Risk in Financial Terms
NormShield® uses the Open FAIR™ model to calculate the probable financial impact (risk) in an organization if a cyber event occurred, in order to achieve and maintain an acceptable level of loss exposure. FAIR has become the only international standard Value at Risk (VaR) model for cybersecurity and operational risk.
Questionnaire & Compliance Correlation
NormShield® correlates findings to industry standards and best practices. The classification allows you to measure the compliance level of the target company for different regulations and standards including NIST 800-53, ISO27001, PCI-DSS, HIPAA, GDPR and Shared Assessments.
Identify the Most Vulnerable Third Parties
Prioritize the inclusion of third parties by their technical cyber risk score, compliance level, or probable financial impact resulting from a breach. NormShield’s easy-to-understand report helps you to identify the vendors most susceptible to an event according to the latest criteria.
Evaluate. Remediate. Verify.
NormShield® provides cyber risk scores to help executives understand cyber security posture and scale return on cyber security investments, and provides detailed technical data and recommendations to help information security personnel remediate issues and mitigate cyber risks.
NormShield® provides a shared responsibility platform for both corporate executives and third parties to work together to mitigate cyber risks and eliminate false positives. NormShield SOC analysts review the changes and revert them if users eliminate findings incorrectly.
(*) “Data Risk in the Third-Party Ecosystem”, Ponemon Institute, 2018.