Accelerating Third-Party Risk Management with simple and effective Third-Party cyber risk scorecards
DVV Solutions today agreed to a managed service partnership with NormShield, the only provider of standards-based external cyber risk assessment and mitigation recommendations. DVV Solutions customers will now have the capability of assessing, measuring and mitigating cyber risk associated with their suppliers and third parties.
NormShield enables enterprises to rank and understand the cyber risk for each of their suppliers, subsidiaries, and target acquisitions. Its easy-to-understand scorecards provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order. DVV Solutions and their customers can use these scorecards to measure their total shared security ecosystem with their partners and suppliers, and even monitor security improvements made by partners in real time.
“By integrating the NormShield Cyber Security Risk Scorecards into our managed service offering, we are enabling organisations to adopt a more proactive and powerful approach to the identification, quantification and mitigation of risks in the extended enterprise,” said Sean O’Brien, managing director of DVV Solutions. “NormShield’s Cyber Risk Scorecards are a perfect fit for our service portfolio, delivering a proven, standard-based methodology in line with our core ‘Trust but Verify’ risk management philosophy. The addition of both the Rapid and Comprehensive Scorecards enables us to deliver a quality of analysis and time-to-value that some service providers often struggle to realise for their clients.”
Taking a standards-based approach to risk rating
NormShield’s methodology is built upon the Cyber Threat Susceptibility Assessment (CTSA), developed by MITRE for evaluating the susceptibility of a system to cyber-attack. CTSA quantitatively assesses a system’s [in]ability to resist cyber-attack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs).
The Rapid Cyber Risk Scorecard is an affordable and effective way for security and compliance managers to obtain a real-time, on-demand assessment of cybersecurity risks and highlight key areas for further assessment and verification.
The Rapid Scorecard identifies potential supply chain risk by scanning the target company’s domain name using OSINT (open-source intelligence) techniques to identify potential problems posed by suppliers and third parties without the need to touch the target company’s internal assets.
(To learn more about the MITRE standards NormShield’s developers follow, see the links on Common Weakness Risk Analysis Framework, Common Weakness Scoring System (CWSS™), The Common Attack Pattern Enumeration and Classification (CAPEC™), and Common Weakness Enumeration (CWE™)).
A partnership for success
“We are delighted to be working in partnership with DVV Solutions, as we expand our reach across the EMEA region,” said Mohamoud Jibrell, CEO and co-founder at NormShield. “DVV Solutions bring extensive knowledge of TPRM, especially in the application of Third-Party risk assessment and scoring to create intelligence that adds real value to our customers’ risk management programs.”
About DVV Solutions
Established in 1999, we have become one of the UK’s leading managed service providers in the design, implementation and management of Third-Party risk management solutions. Our suite of consultative and managed services delivers significant improvements in
– developing and maturing current risk methodologies and frameworks,
– scaling resources to supplement and enhance existing risk assessment programs, and
– delivering time and cost efficiencies through established best-practice and workflow automation
to enable risk assurance teams to spend more time on what’s important: eliminating control gaps, raising security standards, and reducing overall risk.
Call Us: +44 (0) 161 476 8700
NormShield enables enterprises to monitor their external cyber risk posture and perform nonintrusive cyber risk assessments of their suppliers, subsidiaries and target acquisitions. Using easy-to-understand scorecards, we provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order.
Learn more at www.normshield.com.