Market IQ Cyber by Security Scorecard

Discover how to leverage our module for automated monitoring of your vendors' cybersecurity ratings

 

      Safeguard Compliance

      Estimated Read Time: 6 Minutes

 


 

Sections in this Article

Introduction

Getting Started: Basic Configuration

Enabling Market IQ Cyber

Connecting a Vendor to Market IQ

Removing a Market IQ Connection

Viewing Market IQ Cyber Data

Investigating Further with Security Scorecard

FAQ

Security Scorecard Recommended Reading

Additional Reading

 


 

Introduction

Gatekeeper has teamed up with Security Scorecard  to add a CyberSecurity Risk Assessment module to our Market IQ Suite

 

This module can be used within Gatekeeper for:

    • Third-party risk management
    • Board reporting
    • Cyber insurance underwriting
    • Self-monitoring

 

This article will explain the ways you can connect and leverage the risk data from SecurityScorecard for your Vendors in Gatekeeper

 

By connecting your Vendors to Market IQ Cyber, you can add an extra level of sophistication to your Vendor Onboarding & Due Diligence activities such as:

➑️ Storing current and historical CyberSecurity Grades for vendors

➑️ Adding Conditional Approvals to your Vendor Onboarding/Contract Approval workflows

And - by effect - allowing the pre-approval of vendors based on meeting a certain standard you deem to be "Low Risk"

➑️ Automated Monitoring for Risk Escalation & Review Workflows

 

To learn more about how Security Scorecard score their vendors, you can download a copy of their Scoring Methodology Guide here πŸ”—

 


 

Getting Started: Basic Configuration πŸ› 

 

Enabling Market IQ Cyber for your account

 

MIQ Cyber Lite  is available for all Gatekeeper subscriptions

This allows the  Level 1 Data  to be displayed for all Vendors

If you would like to have this enabled for your Gatekeeper tenant - or wish to learn more about   MIQ Cyber Advanced features - please contact your CSM or reach out to our CS Team here to discuss upgrading

 

Connecting a Vendor to Market IQ Cyber

 

Via the Market IQ Tab

Step 1) Head to the Vendor record you wish to set up

Step 2) Navigate to the Market IQ tab

Step 3) Hit βž• Add Market IQ Cyber to this Vendor

Step 4) Enter the Vendor's website

Step 5) Hit βœ… Add Domain

πŸ’‘ We recommend you perform this action for at least one vendor to get started since this action will trigger Gatekeeper to create add the custom fields of the SecurityScorecard Grade & Score to your data model!

 

Via the Vendor Record

Once the module is enabled, populating the Website for a Vendor is enough to automatically connect Market IQ Cyber

Step 1) Head to the Vendor record you wish to set up

Step 2) Alongside the Vendor Summary data section, hit Edit

Step 3) Populate the Website field

Step 4) Hit βœ… Save & Exit (or βœ… Save & Next)

 

If you wish to connect many vendors, you may want to populate this Website field in a Bulk Update

See πŸ“– Vendor Data - Bulk Export & Import for a walkthrough of this task

 

 

Removing a Market IQ Connection

Step 1) Open a Vendor record

Step 2) Head to the Market IQ Cyber tab

Step 3) Hit Remove Synchronisation then Remove to confirm

 

NB. When a Vendor is archived (i.e, the Vendor / Status is set to Archived), Gatekeeper will automatically remove the Market IQ connection!

 


 

 

Viewing the Market IQ Data in Gatekeeper

 

Vendor Records: Market IQ Tab

 

The live Market IQ scores can be viewed on your Vendor Record's tab

When opening a Vendor record, navigating to the Market IQ tab, if Market IQ Cyber has been connected, you will be able to see the Level 1 Data: the Security Score & Security Grade

 

 

This Score & Historical Performance view will give you an instant indication of the current Risk of your Vendor as well as a timeline of this risk so you can take their long term reliability into consideration

The "Grade" is an easy-to-understand way to rank the summary "Score":

 

Grade

Score

> 90
80 - 89
70 - 79
60 - 69
< 60
 

 

Repository Level Views  -    Advanced Only 

At a high-level, you may want to view this CyberSecurity information across multiple vendors

πŸ’‘ One way you can revisit the information & trends for your vendor base can via the configuration of a "Saved View"

Step 1) Head your Vendor (or Contracts) repository

Step 2) Hit the  Configure Columns icon

Step 3) Within the Market IQ | Cyber data section, enable the metadata fields:

β˜‘οΈ Security Score

β˜‘οΈ Security Grade

Step 4) (Optional) Enable/Disable any other metadata fields for the CyberSecurity View you wish to create

Step 5) Hit βœ… Save

Step 6) (Optional) Hit the Filter icon to filter your repository view to a specific subset of your vendors

Step 7) Hit Save This View & choose a Title for this new layout/filter & hit βœ… Submit

 

πŸ’‘ Having a Saved View like this means you can quickly and easily pull up (and export) specific data sets giving you key insights into CyberSecurity risks within your supply chain

 

Vendor Relationship Tables  -    Advanced Only 

If you are leveraging our Vendor Relationships feature to assess & improve the visibility of your supply chains, having Market IQ Cyber connected will allow you to see all Cyber Risk Scores in one view for all associated vendors

 


 

 

Investigating Further with SecurityScorecard

 

From the Market IQ Tab in a vendor record, you can follow the View on SecurityScorecard link to open the vendor record in their platform

Here, you can click into any of the 10 Score Factors that make up the overall score to learn more about any related incidents or risks:

 

Creating a new Account/Accessing your Existing Account with SecurityScorecard

Step 1) Navigate to the SecurityScorecard platform

Step 2) If you are an existing customer, you can log in here with your SS credentials.

Step 3) If not, click "create an account" to sign up for a free account, either using Google SSO or Email & Password 

 

Once you’re logged into your SecurityScorecard account, you’ll see your selected vendor’s scorecard. You can click on any of the 10 score factors that make up the overall score to see more information about any security issues

πŸ’‘ Pay special attention to the sections in bold πŸ’‘

 

 


 

FAQ πŸ’¬

 

Q: What if Security Scorecard has never scored one of my vendors?

A: While rare (SecurityScorecard's scoring engine monitors over 1.3 million organisations), it can happen

In this case, they will use the website/domain entered to go and perform their cybersecurity checks. This should take no more than a few days, after which time you can return to your vendor record in Gatekeeper and the new score will be have been automatically updated

 

Q: Level 1 data is mentioned...What are the other "levels"?

A: Security Scorecard has 4 levels of data:

Available in Gatekeeper

Level 1 Data: Top Level Letter Grade (A-F) and Numeric Score (0-100)

Only Available on the Security Scorecard platform

Level 2 Data: Individual Letter (A-F) and Numeric (0-100) Scores for the following 10 Factors: Application Security, Cubit Score, DNS Health, Endpoint Security, Hacker Chatter, IP Reputation, Information Leak, Network Security, Patching Cadence, Social Engineering.
Level 3 Data:  Individual Findings Counts and Issue Summaries, Score Impact, Historical Factor Scores, Historical Findings, Historical Industry Comparison.
Level 4 Data: Issue Details including Description, Risk, Recommendation, Observations, URLs, Comparison to other companies and more.

 

Q: What types of domains are taken into account to calculate a score?

A: Issues found in any of the following will be taken into account when scoring the main domain.

a) The main domain - e.g. gatekeeperhq.com

b) Other "TLD" (Top Level Domains) for the main domain - e.g. gatekeeperhq.io or gatekeeperhq.co.uk

c) Subdomains - e.g. us.gatekeeperhq.com or eu.gatekeeperhq.com

d) Related domains - e.g. contractnow.com

 

 


 

Security Scorecard Recommended Reading

 

A Deep Dive in Scoring Methodology

Discover the meaning and importance of the Scores provided by SecurityScorecard

 

How SecurityScorecard calculates your scores

Support Article from Security Scorecard explaining the weightings & calculations which provide the single score/grade from their 10 risk factors

 

What is a third-party breach?

Support Article from Security Scorecard explaining their definition of a "breach" and how they assess the "impact"

 

Understand how breaches affect your score

Support Article from Security Scorecard explaining how breaches change a vendor score

πŸ’‘ Pro Tip: You could share this with one of your vendors who wishes to know more about how their score is affected after a breach! 

 


 

Additional Reading πŸ“š

 

Using Market IQ Cyber in Workflows

Learn how to embed the risk data provided by SecurityScorecard in your vendor management workflows, improving your Risk Assessments and ongoing Risk Monitoring activities

 

Market IQ Finance  - by CreditSafe

Learn how to leverage our other automated Risk Monitoring module for Finance & Credit data

 

πŸ›  Create your own - Market IQ Monitoring Workflow

Learn how to configure our Best Practice Template for the autonomous monitoring of your Vendor's CyberSecurity ratings