support.securityscorecard.com
Open in
urlscan Pro
104.16.51.111
Public Scan
Submitted URL: http://mkto-ab240127.com/Nzk3LUJGSy04NTcAAAGT6fiZW_of6thbTuPNqkok6kzx9pXUWEZ_SncvjsWOLTwqoZvHStfNftUMaP5ithPFgVju-FI=
Effective URL: https://support.securityscorecard.com/hc/en-us/articles/360055958432-Prepare-for-a-scoring-recalibration?mkt_tok=Nzk3LUJGSy04NTcAAAGT6...
Submission: On June 24 via api from US — Scanned from DE
Effective URL: https://support.securityscorecard.com/hc/en-us/articles/360055958432-Prepare-for-a-scoring-recalibration?mkt_tok=Nzk3LUJGSy04NTcAAAGT6...
Submission: On June 24 via api from US — Scanned from DE
Form analysis
1 forms found in the DOMGET /hc/en-us/search
<form role="search" class="search" data-search="" action="/hc/en-us/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓" autocomplete="off"><input type="hidden" name="category" id="category" value="360005311772"
autocomplete="off">
<input type="search" name="query" id="query" placeholder="Search" aria-label="Search">
</form>
Text Content
Skip to main content Help Center Community Submit a request Log in for Community posts, scoring updates, and more! 1. Help Center 2. Ratings 3. Scoring Updates Articles in this section * Prepare for Scoring 3.0 * A Closer Look at Scoring 3.0 Vocabulary and Breach Likelihood * Recommended actions to improve your Scoring 3.0 score * Evidence-based score gain * Scoring Recalibration FAQ * Prepare for a scoring recalibration * Score update banner information disappeared or does not display * Why are there unexpected Score changes in a Scorecard? * Public Scorecard Badge has outdated score compared to platform score * What is the delay in reporting on a data breach? PREPARE FOR A SCORING RECALIBRATION Mark Glinski * 7 months ago * Updated FollowNot yet followed by anyone IN THIS ARTICLE: * What is a recalibration and why is it important? * How we recalibrate scoring * How Scorecards and Portfolios are affected by recalibration * Take steps to prepare for a recalibration * FAQ * Get help SecurityScorecard continually makes improvements and critical changes that affect how your Scorecard is scored, including scoring recalibrations every three months. Use this article to prepare for recalibrations, so that you can maintain the highest score and best security posture possible. > Tip: In addition to recalibrations, we also make other changes, such adding or > removing domains to your Digital Footprint or improving our attribution > process. See all of our scoring-related updates. WHAT IS A RECALIBRATION AND WHY IS IT IMPORTANT? We recalibrate the baselines that we use to calculate our scores. These recalibrations reflect changes to organizations, the cybersecurity landscape, and the internet. > Note: As of August, 2023, we recalibrate our Scores every three months. By keeping the calibration up to date, we prevent scores from becoming less accurate over time as the number of findings on the internet moves away from the historical baseline. Additionally, scoring updates allow us to add new issue types, retire old ones, and re-weigh the severity of issues to make scores more predictive of negative outcomes, such as breaches and malware attacks. We cannot add new issue types without understanding the baseline to score against, which we get from recalibration. Factor scores are based on issue severity levels, or weights, which we also recalibrate. Each issue contributes some expectation value to the factor score. If we deprecate an issue type, we need to recalibrate the factor without it. HOW WE RECALIBRATE SCORING We base the score on the average number of findings for an organization against their Digital Footprint size. We recalibrate to make sure that the average number of findings of issues and factors is up to date. We update the scoring calibration using two months worth of data. We believe this minimizes the expected score impact and allows for frequent improvements to the platform. In our current Scoring methodology, a Scorecard’s overall score is calculated as the weighted average of the factor scores. Note: In Scoring 3.0, a methodology that we are previewing and will fully apply in 2024, a Scorecard's overall score will directly reflect the severity levels and score impact of issue types. Learn more about Scoring 3.0. As we add or remove issues and information with recalibration, certain factor scores may change while others stay the same. Changes in an organization's factor-level score cause to a change in their overall score. Learn more about how we calculate scores. HOW SCORECARDS AND PORTFOLIOS ARE AFFECTED BY RECALIBRATION When there are no changes to issues and severity levels, we expect the score changes to be less significant than when we add in new issues or re-weight the severity of issues. Since scoring updates affect all Scorecards in the platform, you will see score changes within their Portfolios. These changes may also be reflected in reports, analytics, and other platform features. TAKE STEPS TO PREPARE FOR A RECALIBRATION Use the scoring recalibration reports in the SecurityScorecard platform to help you anticipate, and prepare for, an update. STEP 1: WATCH FOR UPDATE ANNOUNCEMENTS, AND DOWNLOAD RECALIBRATION REPORTS If a scheduled scoring update will affect your Scorecard, you will see alerts in the platform ahead of time, so that you can prepare for them and possibly prevent any projected negative impact: * A banner appears when you log into your SecurityScorecard account. Click Download reports in the banner. > Note: The displayed score impact reflects how the recalibration change > impacts your score on the day it was computed. Since we run scores daily, > the impact may change with new data. * On your Scorecard, a wrench icon that represents a scoring update recalibration appears under your score. Mouse over the icon to see more information... ....Click Download reports.... Select a report to download the .csv file, and then open it in a spreadsheet application. > Tip: For reference and to track changes, you can see past scoring updates on > your Scorecard's History age and issue-level event log. STEP 3: REVIEW THE REPORTS During the window preceding the recalibration, we generate these three reports on a daily basis to show the difference in scores and findings between the current calibration and the new one we will apply on the announced date. You may find it helpful to view the reports in the following order: 1. Start with the Score Difference report for a broad understanding of how your factor scores and overall Scorecard score will change as of the recalibration. Note which factor scores are particularly impactful. 2. Then look at the Score Impact Changes report to see how relevant issue types within each factor will impact scores. 3. Finally, look at the New Findings report to get details about specific issue findings. The reports are in .csv format, and you can open them in a spreadsheet application. SCORE DIFFERENCES REPORT This report shows how your overall and factor scores will change as of the recalibration date because of new findings relevant to the recalibration. See the following table for column explanations: Column heading Explanation date The date that relevant findings were associated with the Scorecard database, to be applied to the Scorecard as of the recalculation date > Note: This is not the date of the report itself, the date of the scan, or the > date that the finding was observed. parent_domain The Scorecard's registered domain, where these changes will occur factor_name The name of the score factor current_factor_score The factor score prior to the recalibration new_factor_score The factor score as of the recalibration factor_diff The numeric difference in the issue type's factor score impact before and after recalibration current_total_score The overall Scorecard score prior to the recalibration new_total_score The overall Scorecard score as of the recalibration total_diff The numeric difference between the overall Scorecard scores before and after recalibration SCORE IMPACT CHANGES REPORT THIS REPORT SHOWS THE HOW ISSUE FINDINGS AFFECTED BY THE RECALIBRATION WILL IMPACT FACTOR SCORES AND THE OVERALL SCORECARD SCORE AS OF THE RECALIBRATION DATE. See the following table for column explanations: Column heading Explanation date The date that relevant findings were associated with the Scorecard database, to be applied to the Scorecard as of the recalculation date > Note: This is not the date of the report itself, the date of the scan, or the > date that the finding was observed. parent_domain The Scorecard's registered domain, where these changes will occur factor_name The name of the score factor measurement_name The issue type that will have an impact on the score change as of recalibration current_factor_impact The issue type's factor score impact prior to the recalibration new_factor_impact The issue type's factor score impact as of to the recalibration factor_impact_diff The numeric difference in the issue type's factor score impact before and after recalibration current_total_impact The issue type's overall Scorecard score impact prior to the recalibration new_total_impact The issue type's overall Scorecard score impact as of the recalibration total_impact_diff The numeric difference in the issue type's overall Scorecard score impact before and after recalibration NEW FINDINGS REPORT This report shows you new issue findings that are projected to appear on your Scorecard, and those that will disappear, as of the recalibration date. > Note: Be aware of the following when viewing this report: > * The findings that appear in the report may change at any time preceding the > recalibration date. For example, if you view the report on two different > days, some findings that appear the first day you see the report may no > longer appear the next day you see it. > * This also means that any of the new findings you see in the report may not > appear on your Scorecard on the day of the recalibration. > * A recalibration may affect existing issue types as well as introduce new > issue types. This means that you may see findings for existing issue types > in the report. See the following table for column explanations: Column heading Explanation date The date a finding was associated with the Scorecard database, to be applied to the Scorecard as of the recalculation date > Note: This is not the date of the report itself, the date of the scan, or the > date that the finding was observed. parent_domain The Scorecard's registered domain, where the finding occurred measurement_type The issue type that the finding belongs to change Whether a new finding was added to the Scorecard (measurement_arriving), or removed because of decay (measurement_departing) measurement_id The unique identifier for the specific issue finding on the given IP address and port number first_seen The first date we observed the finding last_seen The most recent date we observed the finding dst_ip The IP address on which the finding occurred dst_port The port number on the IP where the finding occurred observation_tls Dynamically appears when the report includes findings for the issue type SSL/TLS Service Supports Weak Protocol; the data we gathered that supports the finding protocol The protocol running on the port target Dynamically appears when the report includes findings for the issue type SSL/TLS Service Supports Weak Protocol; the URL or IP address where we observed the finding vulnerability_description The description of the vulnerability as it appears in the National Vulnerability Database vulnerability_id The common vulnerability enumeration (CVE) identifier as it appears in the National Vulnerability Database vulnerability_publish_date The date that the vulnerability was published in the National Vulnerability Database FAQ WHY DOES IT TAKE TWO TO FOUR DAYS, OR EVEN MORE, FOR MY SCORE TO REFLECT A CHANGE? Our batch processing method typically takes two to four days: one day to collect the data and one day to process it. The process can last longer when unexpected variables occur. When collecting data we sometimes detect errors in the data; we then reprocess the data to ensure accuracy. Other reasons for delayed updates to your score may be errors in our scoring pipeline. HOW CAN I STAY AHEAD OF POSSIBLE SCORING CHANGES TO KEEP MY SCORE HIGH OR STABLE? SPECIFICALLY, HOW CAN I GET TO HIGH-PRIORITY FIXES QUICKLY, GIVEN THAT ANY CHANGE TAKES TWO TO FOUR DAYS TO AFFECT MY SCORE? To give you as much time as possible to correct and remediate problems – and thereby keep your scores high – our platform alerts you several weeks before any scoring changes take place. In addition, we highlight any recent changes that may affect your score in our scoring update release notes. There we explain what changes are significant, and how you can resolve these issues in the platform prior to the scoring update deadline. HOW DO YOU SHOW ME WHAT CHANGED, SO I CAN START RESOLVING ISSUE FINDINGS QUICKER? We make your score more actionable with our issue-level event log, which shows new and removed findings each day. This insight helps you implement your remediation process faster. GET HELP If you have any questions or comments, contact your Customer Success manager, or submit a Support request. Was this article helpful? Yes No 2 out of 4 found this helpful Have more questions? Submit a request Return to top RELATED ARTICLES * Scoring update release notes for 2024 * Address issue findings in your Scorecard * Prepare for Scoring 3.0 * Manage and validate your Digital Footprint * How SecurityScorecard scans and attributes cloud IPs Help Center