About CISO Management Report
The CISO Management report helps CISOs communicate the most important security posture statuses, including campaign status, to their team members. We recommend visiting this report weekly to gain insight into open tickets and remediation status.
The report also helps CISOs manage the security relationships within the organization and benchmark Business Groups on the main industry metrics.
The CISO can also refer to specific vulnerabilities that impact the organization and review the monthly hot CVEs.
Before you dive in
First, make sure you cover the Reports (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and presented data.
CISO Management Report KPIs
The CISO Management KPIs are the first and main widgets you encounter when entering the report.
What does each KPI represent?
KPI | Description | What to strive for? |
Security Posture Rating (SPR) | The current % of assets with maximum risk score below the configured SPR score and how it changed in % compared to the previous period. | The higher the SPR is, the more compliant your environment is with the organization's security posture. |
Assets Compliant with SLA | Percentage of assets that have no findings (instances) exceeding SLA = Compliant assets. | The higher the percentage is, the more compliant your environment is. |
Campaign Coverage | Percentage of findings (instances) that have tickets opened for them in remediation campaigns. | A higher percentage means more findings (instances) are covered in running remediation campaigns (i.e., open tickets on Jira or ServiceNow). |
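The three KPI definitions above, recomputed per Business Group from raw data, as an added example that is not the product's own code; it can serve as a cross-check of the dashboard numbers against an export. The field layout, the SPR score of 70, the 30-day SLA, and counting an asset with no findings as compliant are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import date

SPR_SCORE = 70            # assumed configured SPR score
SLA_DAYS = 30             # assumed SLA: a finding older than this exceeds it
TODAY = date(2024, 6, 1)  # fixed so the constructed sample is reproducible

# Constructed inventory: asset id -> Business Group
ASSETS = {"web-1": "Payments", "web-2": "Payments", "db-1": "Payments",
          "hr-1": "HR", "hr-2": "HR", "lab-1": "R&D"}

# Constructed findings (instances): (asset, risk score, first seen, ticket or None)
FINDINGS = [
    ("web-1", 92, date(2024, 4, 1), "JIRA-101"),
    ("web-1", 40, date(2024, 5, 25), None),
    ("web-2", 55, date(2024, 5, 20), "JIRA-102"),
    ("db-1", 69, date(2024, 3, 15), None),
    ("hr-1", 75, date(2024, 5, 28), None),
]

def pct(part, whole):
    """Percentage rounded to one decimal; None when there is nothing to measure."""
    return round(100 * part / whole, 1) if whole else None

def kpis_by_group(assets, findings, spr_score=SPR_SCORE,
                  sla_days=SLA_DAYS, today=TODAY):
    max_risk = defaultdict(int)   # asset -> highest risk score (0 if no findings)
    overdue = set()               # assets with at least one finding past SLA
    total = defaultdict(int)      # group -> number of findings
    ticketed = defaultdict(int)   # group -> findings linked to a ticket
    for asset, risk, seen, ticket in findings:
        group = assets[asset]
        max_risk[asset] = max(max_risk[asset], risk)
        if (today - seen).days > sla_days:
            overdue.add(asset)
        total[group] += 1
        ticketed[group] += ticket is not None
    report = {}
    for group in sorted(set(assets.values())):
        members = [a for a, g in assets.items() if g == group]
        report[group] = {
            # SPR: assets whose maximum risk score is strictly below the SPR score
            "spr": pct(sum(max_risk[a] < spr_score for a in members), len(members)),
            "sla_compliant": pct(sum(a not in overdue for a in members), len(members)),
            # None when the group has no findings, so coverage is undefined
            "campaign_coverage": pct(ticketed[group], total[group]),
        }
    return report
```

A Business Group with no findings reports full SPR and SLA compliance but no campaign coverage value, which is worth keeping in mind when comparing groups side by side.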
SPR Compliance by Business Group
View the % of SPR per Business Group, i.e., which Business Groups have the highest vs. the lowest security posture rating.
SPR over time
This trend shows the upwards and downwards shift of the SPR over time. You can use the data-drilling buttons to dig deeper into the data.
Attack Surface Report
Use the attack surface report to learn about the risk changes on assets that affected the SPR changes you observed over time. Read more here on the Attack Surface Report feature.
Vulnerability Instances / Assets and SPR by Business Group
A scatter plot of Business Groups that compares each Business Group's SPR with the number of assets and findings (instances) in it. This widget helps you understand which Business Groups have the most impact on the organization's SPR.
Assets Compliant with SLA by Business Group
View the business groups that are most vs. least compliant with the SLA you defined for the organization.
Assets Compliant with SLA over time
A trend that shows the % of SLA-compliant assets over time.
Campaign coverage by Business Group
The campaign coverage by Business Group shows the % of findings (instances) that are linked to remediation campaigns for each Business Group. Ideally, you should strive for a higher % campaign coverage in the Business Groups that are most important to you.
Campaign Coverage over time
This is the same graph you have in the Remediation Performance Report.
Read about this graph here.
Remediation workload
Cumulative Vulnerability Instances Remediation in Campaigns
This is the same widget that exists in the Campaign Tracking report. Click here to read all about it.
Unique Vulnerabilities with Highest Risk Mass
A display of unique vulnerabilities that have the highest Risk Mass.
Campaign due-date compliance by Business Group
A display of Business Groups sorted by the due-date compliance (closed tickets) in Jira and ServiceNow.
Vulnerabilities with "Hot CVE" flag
A display of vulnerabilities with a HOT CVE threat tag, which is attached to vulnerabilities that were discovered during the last 30 days and have a CVSS score higher than 9.
Reports (Analytics) FAQ and Data Validation
Read our Reports (Analytics) FAQ and Data Validation article here.