Defining the SPR threshold
To define your organizational security posture threshold:
Go to Settings > Risk
Set the threshold (an atomic risk score)
Note: Only assets with (atomic) risk scores below this threshold, exclusively, will be complying with your security posture policy
Any asset with a risk score smaller than the configured threshold (80 in the example above) will be considered secure (below your risk threshold). This means that a vulnerability-free asset that has a risk score above 69 will be considered secure (compliant). However, an asset with at least a single vulnerability with a risk score of 80 will be non-compliant.
SPR per Business Group
To measure progress across Business Groups and see which Business Groups have more risk than the others, Vulcan automatically calculates the SPR per Business Group and presents the relative SPR compliancy of the Business Group. The same also applies to the SPR of the entire organization.
You can see the SPR per Business Group on the Vulnerabilities page as well as on the Dashboard page.