
Cybersecurity Benchmarking Service

The Benchmarking Service compares research & post-secondary institutions’ cybersecurity processes and performance so that evidence-based best practices can be recommended.

Beginning as a project by the Canadian University Council of Chief Information Officers (CUCCIO), the Benchmarking Service is funded for all participants in CANARIE’s Cybersecurity Initiatives Program (CIP). The service includes:

  1. Continuous security monitoring of participating organizations (Bitsight/Shodan)
  2. Benchmarking the cybersecurity performance of Canadian research and education (R&E) organizations based on targeted surveys and Bitsight data.
  3. Access to Bitsight vendor reports


The Benchmarking Service collects data from the BitSight cybersecurity ratings service, Shodan, CUCCIO security surveys, and working group discussions.

Participating organizations receive access to the BitSight portal, security performance reports, and benchmarking reports showing their security performance in relation to their peers over time.

BitSight’s ratings and scores are based on detailed external security observations, which are the primary source of the continuous monitoring feed sent every night to your organization. The data includes information about your organization’s compromised systems (including botnet infections on your network), security diligence (including vulnerable and misconfigured servers, out-of-date desktop operating systems and browsers, and insecure mobile devices), and user behaviour – especially file sharing.

BitSight collects well over 400 billion security observations per day from multiple sources, checks and curates the data, and then provides 23 separate risk scores for the organizations it monitors.

The scores are used to provide an overall security rating for each organization.

Benefits for Research & Education Organizations

  • For Small R&E Organizations – Security posture information and ongoing security observations provide essential information that often cannot be generated with limited internal resources or purchased individually.
  • For Large, Research-Intensive R&E Organizations – Augments investments in detection and response and contributes to broader SIEM deployments. Benchmarking and monitoring data also helps drive security practices in decentralized IT infrastructures typical of large institutions.
  • For R&E Organizations of all Sizes – Helps to check and remediate important security gaps and provides an external view of cybersecurity health to help security teams and CIOs achieve a broader perspective with which to plan improvements.

Benefits for Institutional IT/Cybersecurity Teams

Benchmarking provides invaluable data for:

  • Requesting funds for cybersecurity during the budget process and from executives and boards of directors
  • Measuring and improving year-to-year cybersecurity performance
  • Detecting current security problems
  • Selecting and monitoring more secure third-party vendors and services

Technical Staff and Time Commitment

Participation in the Benchmarking Service is typically at the CISO or security lead level, with some participation of CIOs. Following the initial completion of the onboarding questionnaires, which can take 3-4 hours, ongoing participation on a national Benchmarking working group requires approximately a four-hour commitment per month.

Getting Started

For organizations enrolled in the CANARIE Cybersecurity Initiatives Program (CIP):

  1. Visit https://canarie.ca/cip/benchmarking to sign up.
  2. You will be contacted by the Benchmarking team to plan your participation in the initiative, which includes introductory workshops & surveys.

If your organization is not yet enrolled in the CIP, click here to learn about participation. Once your organization is enrolled in the CIP, you’ll be able to access all funded initiatives. 

Support

Once enrolled, support is provided by contacting the Benchmarking team directly and by sharing information within the working group.

If you have questions about the Benchmarking service or the sign-up process, please contact [email protected].