Q&A With Our Director of Solutions Engineering
by Michelle Krasniak
Do you have any questions about CyberGRX, our platform, and how it works?
We sat down with Director of Solutions Engineering Jennifer DeLorenzo to chat about some of the most frequently asked questions her team gets about CyberGRX.
How does CyberGRX compare to security ratings companies?
Security ratings companies typically provide customers with one score to assess a company's overall security hygiene based on scanning the company's web presence.
While CyberGRX finds this type of scanning useful, we recognize that this information does not provide an adequate representation of a company's overall cybersecurity. CyberGRX uses its own scanning technology, like security ratings providers, but uses this information only as a data point, in conjunction with a company's attestation of its security controls, to provide a unique 360-degree view of third-party cyber risk. CyberGRX validates a company's assertions, providing our customers with a confidence level that the assertions are defensible, identifies control gaps, and then recommends mitigation efforts.
Does CyberGRX support multiple industries?
Yes. Third-party cybersecurity risk spans companies of all sizes and industries and, as such, CyberGRX provides cybersecurity risk information for third parties in any industry, using one unified control framework that maps to various regulations and industry-specific standards.
How are the assessments updated to reflect new regulations and standards?
The CyberGRX assessment is based on recognized standards, most closely aligned to the NIST Cybersecurity Framework. CyberGRX has a dedicated content team comprised of risk professionals who continually review updates to common regulations and identify new regulations to incorporate any necessary modifications into our framework. We update content seamlessly, due to the nature of our SaaS-based platform, on a periodic basis.
Is there a mapping for NIST, ISO and others?
Yes. CyberGRX has preemptively mapped our unified control framework to many standards and regulations. We can also map our control framework to a customer's custom framework.
Studies show 80% of businesses report they experienced a data breach due to Digital Transformation and over 62% are tied directly to a third party. How can organizations protect themselves from being a statistic? One way is to ensure your third-party vendors are being diligent with their cyber hygiene, and utilizing cyber risk assessments is one method to do so.