As reported in the WSJ today: “Fair Isaac Corp., known for its US-standard FICO consumer-credit scores, waded deeper into online security Tuesday with the acquisition of cybersecurity startup QuadMetrics. The terms of the deal were not disclosed. The company said it plans to leverage QuadMetrics’s predictive analytics and security-risk assessment tools to develop an industry-wide “enterprise security score” for businesses. The security score is meant to provide an “easy-to-understand” metric to help chief information officers and other corporate IT decision-makers gauge their company’s online risks, while managing risks from third-party software vendors. It can also act as a guide for cyber-breach insurance underwriting, the company said.” Security experts from VASCO Data Security and Lastline responded below.
John Gunn, VP of Communications at VASCO Data Security:
“It is a smart acq
uisition for Fair Isaac, but the concept of performing security assessments for organizations is anything but new – so the success of their strategy will be dependent on insurance underwriters adopting their score as an industry standard and mandating its use for coverage.
“Some organizations may be concerned about the legal liability associated knowing an exact and comparable risk score. Plaintiff’s lawyers could use the score, and a lack of improvement in it over time, as evidence of negligent behavior. It would be hard for an organization to mount a defense and argue that they had good security measures in place if they had knowledge of a consistently poor score.”
Craig Kensek, Security Expert at Lastline:
“These are completely different lines of business with the glue between the two being predictive analysis software. Totally different people will be involved in the buying process. Companies whose sole business is using predictive analysis or other tools to assess how secure a company’s security is for underwriting purposes, won’t suddenly be more impressed or see the need for this because this is now part of Fair Isaac’s product portfolio. That said, predictive analysis software is a slick technology finding new applications in business.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.