Fair Isaac Corporation
SYSTEM AND METHOD FOR EMPIRICAL ORGANIZATIONAL CYBERSECURITY RISK ASSESSMENT USING EXTERNALLY-VISIBLE DATA

Abstract:

A system and method for assessing the cybersecurity breach risk associated with a given organization is disclosed. The system and method assume no internal visibility into any organizational network. A taxonomy of possible data sources is defined and motivated. The system and method are both purely empirical and robust against common difficulties in scoring organizational networks, such as the raw number of network assets owned by the organization.