To identify companies with delegated security controls, we apply machine learning models with rule-based systems along with human curation. For those companies, we identify assets (domains and IPs) without delegated controls. All the other attributed assets are classified as having delegated controls. Our goal is to continuously increase the quality of the asset classification process to provide ratings that better reflect the security performance of entities with delegated controls.
Can self-published qualify for delegated security controls?
Self-published companies qualify for delegated security controls since their infrastructure is untouched as they are created by the companies themselves. Only already attributed IPs and domains are identified as having delegated security controls.
All of an entity’s rating tree ancestors that are identified as having delegated controls are also classified as having delegated controls. This can include:
- The direct parent entity.
- The parent of the parent.
- All direct parents up to the top parent entity in the tree.
This is a direct consequence of the Bitsight infrastructure attribution process in the sense that all infrastructure attributed to a specific entity is also attributed to the tree ancestors of the entity.
Feedback
0 comments
Please sign in to leave a comment.