Learning Center

How to Use the NIST Cybersecurity Framework to Assess Vendor Security

Learn how to use the NIST Cybersecurity Framework to efficiently assess vendor security for your organization. Read more on SecurityScorecard's blog.

8 Effective Vendor Due Diligence Best Practices

Vendors often have access to sensitive company information, so vendor due diligence is crucial to mitigating risk. Explore 8 things to consider during the vendor due diligence process.

The 2 Types of Risk Assessment Methodology

How to Write Third-Party Risk Management (TPRM) Policies and Procedures

As organizations set out to mature their cybersecurity programs, vendor risk management (VRM) is a primary risk mitigation strategy. However, managing third-party risk becomes overwhelming, especially as they incorporate more cloud-based vendors to help streamline business operations. While monitoring used to be based on a “trust but verify” mentality, the modern move towards “verify then trust” requires organizations to pivot their programs and become more proactive. Writing third-party risk management (TPRM) policies and procedures needs to act as the foundational guidelines for creating an effective vendor risk management strategy.

5 Ways Data Breaches Affect Organizations

While organizations often focus their attention on a data breach’s impact on their bottom line, there are several other other ways a cyber attack can impact a company. Read more on SecurityScorecard's blog.

What Is a Cybersecurity Vendor Due Diligence Questionnaire?

A vendor cybersecurity due diligence questionnaire is a written assessment given to a vendor to gain a better understanding of their cybersecurity environment.

What is the Difference Between Information Security and Cybersecurity?

Information security and cybersecurity are often used interchangeably; however, they both address different kinds of security. Learn more.

Understanding the Importance of Cybersecurity Due Diligence

Many organizations rely on third-party vendors for day-to-day operations, which opens them up to higher levels of risks. Learn why the cybersecurity due diligence process is critical.

The CISO’s Guide to Reporting Cybersecurity to the Board

Being able to effectively report on cybersecurity is a key component to every CISOs job. Learn how CISOs can ensure that their board presentations are beneficial.

What is Cybersecurity Analytics? Definition & Use Cases

Cybersecurity analytics is an approach that uses data aggregation, attribution, and analysis to extract the information needed for proactive cybersecurity. Explore benefits and use cases.

What are the Key Drivers of Enterprise Risk Management (ERM)?

Learn the key drivers of enterprise risk management and why business and security leaders might not be communicating well when it comes to risk and threats.

The Role of Cybersecurity in Enterprise Risk Management (ERM)

An enterprise risk management program should include a cybersecurity element so organizations can identify relationships between risk and impact across its ecosystem.