The page has an integrated help system which is accessed by clicking on the ‘i’ icon.
Overall Cyber Risk CSTAR Score
UpGuard’s CSTAR, or Cyber Security Threat Assessment Report, provides an overarching measure of how secure an organization is. The Cyber Risk portion of an organization’s overall CSTAR score is calculated based on a comprehensive analysis of the externally visible servers maintained by the organization, as well as the cyber-risk position of the vendors on which their business depends. The score represents the weighted average of the scores calculated for each of these vendors, and the scores for each of the organization’s external internet domains.
Use the color key below to assess an organization’s CSTAR score and the severity of any issues detected in your internet presence or the presence of your vendors.
Organization’s Internet Identity
When the Cyber Risk page is first loaded, the identity of the organization from an external perspective may not be set. If this is the case, then company details for the organization will not be displayed. The EDIT button shown on the right hand side of the page can be used to set the primary internet domain for the organization.
Once the primary internet domain for the organization is set, the business information for the organization will be displayed, if available. The information includes the number of employees, the annual revenue, market cap, country of registration, current CEO and Glassdoor approval rating.
The Websites section of the page lists the internet domains that are owned by the organization. These domains represent the external face of the organization to the wider internet, and the CSTAR score of each domain gives a good measure of the overall cyber health of the organization proper. Each of the internet domains managed by the organization is listed. Next to the domain name, the current calculated CSTAR score is given, followed by the date on which the domain was last scanned as well as the calculated score.
Clicking on each domain (website) entry takes you to the Website Details page where a breakdown of the score for that domain is given. Each of the components of the score is listed, as well as the various tests that the domain passed and failed to arrive at the score.
The Vendors section of the page lists the top five vendors of interest to the organization. Vendors in this list fall into one of two categories: a) the vendors that are directly used by the organization, and b) the additional vendors that the organization is interested in following. Vendors from category a) have a direct effect on the Cyber Risk CSTAR score for the organization. Vendors from category b) are not directly used by the organization but are of current interest to it. These may be competitors, alternate vendors to those currently being used, or a selection of organizations selected for the purpose of general monitoring or comparison.
Each of the vendors is listed along with their currently calculated Cyber Risk CSTAR score, and the historical trend for that score over the last 30 days. A single trend summary value is given, indicating by how much the CSTAR score has increased or decreased over the 30 day period and in which direction it is heading. A trend line shows the path that the score has traced over a 30 day period to arrive at the current CSTAR score.
Clicking on each vendor entry takes you to the Vendor Details page for that vendor where the 30-day history of the vendor’s Cyber Risk CSTAR can be viewed in detail. Each of the vendor’s managed domains is listed, along with their individual CSTAR score, and the details of each domain’s score can be investigated through the Website Details page available for each.
To view the entire list of vendors that are of interest to the organization, click on the “View all Vendors” link at the top of the vendor list. This list will display the Followed Vendors page. From here a comprehensive list of all followed vendors can be browsed, and new vendors can be found, browsed, and followed.