A Cyber Risk Rating service that offers a holistic, outside-in view of an organisation’s security performance. Cyber Risk Rating empowers you to take proactive measures and eliminate vulnerabilities, strengthening your organisation’s security posture.
Cyber Risk Rating consistently monitors and assesses your security ecosystem. It uses advanced analytics that rate your security posture across ten groups of risk factors, including Network, Endpoint and Application Security, DNS Health, Patching Cadence and more.
Faster, smarter executive-level decisions
Get detailed, insightful and easy-to-read security and compliance reporting for easier decision-making among board members.
Stakeholder Confidence And Standardisation
Instil confidence and standardisation among management and board members with consistent monitoring and ratings.
Expert Support
One-on-one Q&A, cyber risk remediation support, security issues advisory and awareness training for management and employees.
Cyber Risk Rating is an essential Security Rating standard with a granular view of your security ecosystem’s performance to identify assets exposed on the Internet, security threats and possible attack methods. Cyber Risk Rating:
A good security rating improves corporate credibility among customers, partners and provides assurance to your organisation’s Board Of Directors via valuable insights and reporting. It is also able to identify third-party vendors’ risk portfolios and security rating and address their risk of cyber attacks.
Celcom Cyber Risk Rating is powered by SecurityScorecard.
Celcom Cyber Risk Rating uses a combination of data points collected organically or purchased from public and private sources and then applies proprietary algorithms to articulate an organisation's security effectiveness as a quantifiable score.
Cyber Risk Rating utilises multiple, non-intrusive security data collection methods that are publicly available. At a higher level, these fall into two technical categories:
Cyber Risk Rating utilises a network of hundreds of passive sensors that are distributed strategically across the Internet. These sensors introduce a wealth of security intelligence that is used to determine specific threat related findings. The sensors include honeypots and DNS sinkholes that enable Cyber Risk Rating to automate the identification of millions of malware infections that are active at any given time. These findings also allow our security engineers to capture important security findings, reverse engineer malware, identify the command and control domains the malware will register, and tune our network of DNS sinkholes to those domains. Combined, these capabilities provide unrivaled visibility into potential threats to the digital footprint of company represented monthly report.
Cyber Risk Rating utilises multiple publicly sourced active scanning technologies. These scanning capabilities introduce a broad range of security intelligence that is used to assess the security ratings across multiple risk factor areas. Also, Cyber Risk Rating uses other scanning techniques including Google Dorking, Github Dorking, DNS records, SSL certificates, header grabs, and hacker community scanning to identify a wide range of attacks, misconfigurations, and exposed vulnerabilities.
Cyber Risk Rating security ratings are easy-to-understand ratings depicted on an A-F scale. They analyse the cyber health of an organisation across ten groups of risk factors. Cyber Risk Rating's statistically robust framework documents the fact that a company with an F-rating is 7.7 times more likely to suffer a consequential breach versus an A-rated company. Certain risk factors, such as application security and patching cadence, are even more indicative of the likelihood of a breach.
Cyber Risk Rating enables businesses to continuously monitor and assess their cybersecurity posture and strength of their cyber-defence to protect online assets from hackers.
An organisation with a good security rating provides assurance and confidence to their customers and ecosystem partners. Poor security ratings indicate that an organisation's data is at risk by highlighting critical gaps in security.Cyber Risk Rating helps you assess your own cyber security posture and that of your business partners and other companies of interest. Your organisation can quickly assess the external security posture of organisations of interest across 10 key risk factors from monthly reports,. You can learn of specific issues uncovered by Cyber Risk Rating that impact your security posture and that of companies in your ecosystem.
The public cannot view the Cyber Risk Rating via the Internet, but organisations rated A can publicly disclose their ratings on the SecurityScorecard website.
Organisations are encouraged to publish the “scores” on the their own organisation webpage to improve customer confidence of the organisation’s security level.
Customers can contact Celcom for consulting services to improve and resolve security vulnerabilities in order to improve their rating.
Customers will receive a welcome email for confirmation upon account activation, followed by monthly and quarterly reports.
Celcom Cyber Risk Rating offers a 3-month trial. Customers can opt to terminate their subscription within the 3-month period. Customers may contact Celcom Customer Service, Account Manager or Channel Partner for termination of Trial service. If no termination request is received, it is considered the Customer agrees to proceed on an annual subscription basis and will be billed with an annual charge after the end of the trial period.
No, the service is charged based on the number of fully qualified domain names or website domains. The minimum is one domain. Customers may subscribe for additional domain names with “Add-On Domain Plan”.
Yes, you can subscribe to “Add-on Domain Plan” anytime.
Service activation requires a maximum of 5 working days.
It is an annual charge in advance for the annual subscription.
No software installation is required.
This service will only issue reports, no password is required.
Subscription to this service will be charged annually at the beginning of the subscription period.
Customers may contact Celcom Account Manager / SMB Dealers for subscription termination.
The Celcom Cyber Risk Rating Solution (“Service”) is made available by Celcom to the Customers subject to these specific terms and conditions for the Service (“Specific Terms and Conditions for Cyber Risk Rating” or “STC for CRR”) which shall always be read together with the General Terms and Conditions for Enterprise Services (“GTC”) published on Celcom’s Website (at https://business.celcom.com.my/legal/terms-and-conditions) as of the Effective Date (as defined herein). Nothing in this STC for CRR shall be construed as limiting any other rights Celcom may have under the Agreement unless specifically stated otherwise. The Agreement shall come into effect on the date of execution of the SAF by the Customer (“Effective Date”) and shall continue to be in force until terminated or expires in accordance with the Terms and Conditions (“Term”).
Definitions
In this STC for CRR, unless the context otherwise requires, the capitalized terms have the meanings assigned to them below and in the GTC
“Contract Period” means the contract period applicable for each subscription activated by Celcom as specified in the SAF which shall commence from the Service Start Date of the subscription;
“End Users” means (a) the legitimate and authorized employees of Customer OR any third party Customer allows to use the Service; (c) who receives the subscription as the result of the use of the Services and (c) who uses or relies on the Service;
“Billing Account” means an account created by Celcom, for billing purposes, under the Customer’s name for the Service;
“Service Start Date/ Effective Date” means the date on which Celcom activates the subscription for Customer’s use subject to Customer’s compliance with any precondition in accordance with the respective terms and conditions of the Service (if any);
“Termination Fee” means the termination fee payable by Customer to Celcom in the event any subscription is terminated within its respective Contract Period;
“Service” means the services that Celcom has agreed to provide to Customer for the purposes of internal use by Customer as set forth in the SAF and as further detailed in the service proposal and all other relevant documentation (including the deployment sign-off).