The CISO Management report provides critical visibility into operating metrics like remediation status, campaign coverage, and compliance to ease accurate communication of operational status across the organization. This report is designed to help CISOs and other executives manage security and risk management relationships within the organization and deliver cyber risk performance benchmarks for each business group.

This report also identifies vulnerabilities with the greatest impact potential on the organization, reports the most common CVEs, and highlights industry-recognized Hot CVEs of the month.

Use the Filters pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

First, make sure you cover the Reports (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and presented data.

The CISO Management KPIs are the first and main widgets you encounter when entering the report.

What does each KPI represent?

Percentage of SPR compliance per Business Group, sorted by the Business Groups with the highest SPR compliance percentage to the lowest. i.e., the Business Groups with the highest amount of SPR-compliant assets.

The percentage of the organization's Security Posture Rating compliance over time, i.e., the percentage of SPR-compliant assets over time. Data-drill-down buttons allow deeper views into the data.

Use the attack surface report to learn about the risk changes on assets that affected the SPR changes you observed over time. Read more here on the Attack Surface Report feature here.

Scatter plot representing Business Groups, comparing the Business Groups' SPR and the number of assets in each Business Group. This widget helps you understand what Business Groups have the most impact on the organization SPR.

Scatter plot representing Business Groups, comparing the Business Groups' SPR and the number of findings (instances) in each Business Group. This widget helps you understand what Business Groups have the most impact on the organization's SPR.

Percentage of SLA-compliant assets per Business Group, sorted by highest to lowest.

Percentages of SLA-compliant assets over time. Data-drill-down buttons allow deeper views into the data.

Percentage of findings (instances) that are linked to remediation campaigns per each business group. You should strive to have a higher campaign coverage for the business groups that are important to you most.

Percentage of findings (instances) linked to remediation campaigns over time by Risk Level. You should strive to have Critical/High-risk vulnerabilities in remediation campaigns.

This is the same graph you have in the Remediation Performance Report. Read about this graph here.

A count of findings (instances) “in progress” status vs. ”fixed” (remediated) existing in all campaigns. This trend offers a cumulative and daily perspective on how much is getting done in remediation actions from a Campaign view and findings count view. Use the data drill-down/up buttons for more insight.

List of top 13 Unique Vulnerabilities and their Risk Mass, sorted by the highest risk mass to the lowest across the organization. The risk mass of a unique vulnerability is the sum of the risk mass of all its findings (instances) across the organization.

Percentage of due-date compliance (closed tickets) by Business Groups. These are the Business Groups with the highest percentage of tickets closed by their assigned due date. Due dates are automatically or manually set when creating a campaign. Due dates are determined through the Vulcan Cyber ExposureOS platform and pushed into the ticketing-creating connectors (Jira, ServiceNow, etc.).

Unique Vulnerabilities with a HOT CVE threat tag. The list displays vulnerabilities that were discovered in the last 30 days and have a CVSS score higher than 9. Click on a vulnerability for more details.

Read our Reports (Analytics) FAQ and Data Validation article here.