GDPR.ie’s cyber risk scorecards provide a clear overview of your organisation’s cybersecurity risk exposure, helping you prioritise and manage your most critical risks and enhance the organisation’s security posture.

Cyber risk scorecards are a useful tool in providing a hackers-eye view of your organisation.

They work by using open source intelligence (OSINT) techniques to collect data from 400+ OSINT resources across a span of internet-wide scanners, without ever touching your organisation’s assets.

By assessing, quantifying and communicating your organisation’s digital footprint, our cyber risk scorecards provide valuable insights in a structured and visual manner.

GDPR.ie’s cyber risk scorecards employ Cyber-Threat Susceptibility Assessment (CTSA) methodology.

CTSA is a methodology for evaluating the susceptibility of a system to cyber-attacks developed by MITRE. CTSA quantitatively assesses a system’s ability to resist a cyber-attack over a range of catalogued attack tactics, techniques and procedures (TTPs).

To generate the cyber-risk rating, Blackfoot needs only company domain information.

Our scorecard engine collects information from VirusTotal, Passive DNS servers, web search engines and other internet-wide scanners, as well as proprietary databases, which hold more than 10 billion historic items. The engine searches the databases to find all IP address ranges and domain names that belong to the company.

The resulting map shows how hackers can leverage attack vectors using OSINT resources like hacker forums, social networks, Google, leaked database dumps and paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan or Google Safe Browsing.

GDPR.ie’s cyber risk scorecards compile this data into a simple, understandable report with letter-grade scores to help identify and mitigate potential security risks.

The platform identifies known vulnerabilities (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS) and attack patterns (CAPEC/FIPS-199 impact level).

We also classify the findings into FISMA Cyber Security Framework area and maturity level, NIST 800-53 control family, FIPS-200 area and NIST 800-37 process step.

All this is achieved without scanning or modifying any of the organisation’s business assets.

Attack surface detection

GDPR.ie’s cyber risk scorecards help you understand your attack surface from a hacker’s perspective and gain unique insights to protect your organisation.

Comprehensive risk intelligence

We assess your environment against 20 threat categories including email security control, dark web searches, compromised credentials and more.

APi integration

Our seamless API integration enables extensive technical, compliance-related and financial cyber risk scorecards.

Fast scan results

Our cyber risk scorecards deliver rapid results you can rely on using just company domain information.

Centralised dashboard

We focus on making it easy for you to monitor your cyber-risks through a
centralised dashboard, providing the visibility you need to manage your risks effectively.

Prioritised findings

Our transparent reporting presents findings in a clear, accessible way prioritised according to risk, ensuring you can focus remediation where it’s most needed.