How Are the Awards Determined?
Once eligible clients are identified, award winners are determined by compiling a security metric Digital Defense has developed called Security GPA®. Security GPA is an easy-to-understand security metric that is compiled from a combination of individual host risk ratings based on results of recurring vulnerability assessment and penetration testing (if applicable) and standardized system criticality ratings. Security GPA scores are pulled for all clients on a quarterly basis throughout the award year and are based upon vulnerabilities discovered only via non-authenticated methods. This allows our clients who are more proactive in running recurring authenticated scans (thereby finding more vulnerabilities and causing a lower Security GPA) to have an apples-to-apples Security GPA comparison against clients who choose not to run authenticated scans.
The quarterly Security GPA scores are then averaged for the year using a weighting system based on the recency of the scores, with more recent scores weighing more heavily in the final average. To qualify for an award, the average of the ‘annualized’ internal and external Security GPA scores must be at least 3.75. Once qualifiers have been identified, small adjustments/bonuses are applied based on the following criteria:
- Network Size (+0.01 per 100 hosts internally / +0.01 per 10 hosts externally – up to +0.10 points for each network location)
- Penetration Testing conducted by Digital Defense (+0.10 for internal and external penetration testing – up to +0.10 points for each network location score)
- Managed Services (+0.0125 per quarter in which contracted, applied both internally and externally)
- Contracted Frequency of Scanning (+0.0125 internally and externally per quarter for on-demand and monthly scanning)
- Authenticated Scanning (+0.025 internally for each quarter in which at least one network-wide authenticated vulnerability scan was executed, or multiple smaller authenticated scans equivalent to a full network scan)
After the above adjustments/bonuses are applied to the ‘annualized’ internal and external Security GPA scores, the internal and external Security GPA scores are averaged, and this score is used to rank the qualifiers to determine the awards.