Overview


About CISO Management Report

The CISO Management report aims to help CISOs communicate the most important security posture statuses to their team members, including campaign status. We recommend visiting this report weekly to gain insight into open tickets and remediation status.

The report also helps CISOs manage the security relationships within the organization and benchmark Business Groups on the main industry metrics.

The CISO can also look at specific vulnerabilities that impact the organization and review the monthly hot CVEs.

Before you dive in

First, make sure you have read about Analytics Filters and Data Drilling to learn about the expected behavior of the trends and presented data.


CISO Management Report KPIs

The CISO Management KPIs are the first and main widgets you encounter when entering the report.

What does each KPI represent?

| KPI | Description | What to strive for? |
| --- | --- | --- |
| Security Posture Rating | The current % of assets with maximum risk score below the configured SPR score and how it changed in % compared to the previous period. | The higher the SPR is, the more compliant your environment is with the organization's security posture. |
| Assets SLA Compliance | Percentage of assets that have no vulnerability instances breaching SLA = Compliant assets. | The higher the percentage is, the more compliant your environment is. |
| Campaign Coverage | Percentage of vulnerability instances that have tickets opened for them in remediation campaigns. | A higher percentage means more vulnerability instances covered in running remediation campaigns (i.e., open tickets on Jira or ServiceNow). |
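To validate the numbers against your own export, the three KPI definitions above can be recomputed by hand. The following is an added example, not the product's own code: the record layout, the threshold of 70, the strict "below" comparison and the treatment of an asset with no findings as risk 0 are all assumptions, and the inventory is constructed sample data.

```python
from collections import defaultdict

SPR_THRESHOLD = 70  # assumed "configured SPR score"; not a product default

# Constructed inventory: (asset, business_group, [(risk, breaches_sla, ticket_id)])
ASSETS = [
    ("web-01", "Retail",  [(85, True, "JIRA-101"), (40, False, None)]),
    ("web-02", "Retail",  [(55, False, "JIRA-102")]),
    ("db-01",  "Finance", [(69, False, None), (30, False, None)]),
    ("db-02",  "Finance", [(70, True, "SNOW-7")]),   # exactly at the threshold
    ("hr-01",  "HR",      []),                        # no findings at all
]

def pct(part, whole):
    """Percentage rounded to one decimal; None when the denominator is empty."""
    return round(100.0 * part / whole, 1) if whole else None

def kpis(assets, threshold=SPR_THRESHOLD):
    n = len(assets)
    # SPR: assets whose maximum risk score is strictly below the threshold.
    below = sum(1 for _, _, inst in assets
                if max((r for r, _, _ in inst), default=0) < threshold)
    # SLA compliance: assets with no vulnerability instance breaching SLA.
    compliant = sum(1 for _, _, inst in assets
                    if not any(b for _, b, _ in inst))
    # Campaign coverage is counted per vulnerability instance, not per asset.
    instances = [i for _, _, inst in assets for i in inst]
    ticketed = sum(1 for _, _, t in instances if t is not None)
    return {"spr": pct(below, n),
            "sla_compliance": pct(compliant, n),
            "campaign_coverage": pct(ticketed, len(instances))}

def kpis_by_business_group(assets, threshold=SPR_THRESHOLD):
    groups = defaultdict(list)
    for asset in assets:
        groups[asset[1]].append(asset)
    return {bg: kpis(members, threshold) for bg, members in sorted(groups.items())}

if __name__ == "__main__":
    print("organization:", kpis(ASSETS))
    for bg, values in kpis_by_business_group(ASSETS).items():
        print(bg, values)
```

Note that SPR and SLA compliance use assets as the denominator while Campaign Coverage uses vulnerability instances, so a Business Group with clean assets can score 100% on the first two and have no coverage value at all.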


SPR by Business Group

View the % of SPR per Business Group, i.e., which business groups have the highest vs. the lowest security posture rating.


Security Posture Rating (SPR) over time

This trend shows the upwards and downwards shift of the SPR over time. You can use the data-drilling buttons to dig deeper into the data.

Attack Surface Report

Use the attack surface report to learn about the risk changes on assets that affected the SPR changes you observed over time. Read more here on the Attack Surface Report feature.


Vulnerability instances / Assets and SPR by Business Group

A scatter plot of Business Groups that compares each Business Group's SPR with its number of assets and vulnerability instances. This widget helps you understand which Business Groups have the most impact on the organization's SPR.


SLA Compliance by Business Group

View the business groups that are most vs. least compliant with the SLA you defined for the organization.


Assets SLA Compliance over time

A trend that shows the % of SLA-compliant assets over time.


Campaign coverage by Business Group

The campaign coverage by Business Group shows the % of vulnerability instances that are linked to remediation campaigns for each business group. Ideally, you should strive for a higher % of campaign coverage for the business groups that are most important to you.


Campaign Coverage over time

This is the same graph you have in the Remediation Performance Report.

Read about this graph here.


Remediation workload

Vulnerability instances Cumulative workload and remediation capacity delta

This is the same widget that exists in the Campaign Tracking Analytics report. Click here to read all about it.


Top Vulnerabilities by Risk Mass

A display of the vulnerabilities that have the most accumulated Risk Mass across the organization.


% of Due Date Compliant Tickets by Business Group

A display of Business Groups sorted by due-date compliance (closed tickets) in Jira and ServiceNow.


Vulnerabilities with "Hot CVE" flag

A display of vulnerabilities that have the Hot CVE threat tag. The tag is attached to vulnerabilities that were discovered during the last 30 days and have a CVSS score higher than 9.


Analytics FAQ and Data Validation

Read our Analytics FAQ and Data Validation article here.
