CISO dashboard
-
- UpdatedAug 1, 2024
- 4 minutes to read
- Xanadu
- Security Incident Response setup
The Security Incident Response UI (com.app_secops_ui) application is set to be deprecated as a more advanced version, the Security Incident Response Workspace, has been introduced. This version offers enhanced UI capabilities and an improved customer experience. Consequently, the older version will no longer be available for installation as it is missing the latest features and functionalities.
For more information, refer to the Deprecation Process [KB0867184] article in the Now Support knowledge base.
For information on Security Incident Response Workspace, refer to the documentation available here.
This dashboard reveals the overall security posture of your organization, including security vulnerability and incidents.
End users and roles
| End user and goal | Required role |
|---|---|
| CISO: Needs clear visibility regarding the current security posture of the overall organization | sn_si.ciso |
CISO dashboard indicators
The CISO dashboard presents the following key performance indicators:
- SI - Average Time to Identify
- A 7-day average of the time in minutes it takes to identify a security incident, calculated daily.
- Average Time to Contain
- A 7-day average of the time in minutes it takes to contain a security incident, calculated daily.
- Average Time to Eradicate
- A 7-day average of the time in minutes it takes to eradicate a security incident, calculated daily. Both Average Time to Contain and Average Time to Eradicate are based on the indicator SI - Average Duration Time broken down by Security Incident State.
- New Security Incidents This Week
- The weekly sum of the score of the daily Number of new security incidents indicator.
- Security Incidents Closed (weekly)
- The 7-day running sum of the daily Number of closed security incidents indicator.
- New Security Incidents by Priority
- Daily breakdown of the Number of new security incidents indicator by Priority.
- New vs Closed Security Incidents (weekly) volume
- The 7-day running sum time series of the Number of new incidents indicator charted against the 7-day running sum time series of the Number of closed incidents indicator.
- Security Incident Heatmap
- A global map showing the number of open security incidents in each country.
- Security Incident Treemap
- An interactive treemap where you can select to see:
- Security incidents per business service, broken down by business criticality
- Security incidents broken down by category or subcategory of incident
- Security incidents per assignment group or per assignee
- 'Victim stats' of security incident per affected resource or affected user
Breakdowns
The following breakdowns apply to the indicators on the dashboard:
- Business criticality
- Security Group
- Security Incident Age
- Security Incident Category
- Security Incident Close Code
- Security Incident Priority
- Security Incident State
- SI - Business Service
- Vulnerability
Data visualizations
The dashboard includes the following visualizations:
| Title | Type | Description |
|---|---|---|
| Security Incidents Open for More Than 30 Days by Assignment Group and State | Heatmap  |
Displays models with the most vulnerable items. |
| Risks by Category | Donut  |
Lists the age of reopened vulnerable items. |
| Citations by Authority Document | Donut |
Number of active vulnerabilities |
| Security Incidents With Assignee That is not Active | Heatmap |
Displays the number of open vulnerable items associated with vulnerabilities, (Common Vulnerability Enumeration (CVE) records), from most to least. |
| Security Incidents Not Updated for More Than 30 Days by Assignment Group and State | Heatmap |
Displays publishers with the most vulnerable items. |
| Vulnerability Map | Map  |
A world map showing vulnerabilities by location |
| Most Vulnerable Models | Donut |
The applications that contain the most vulnerabilities |
| Most Vulnerable CIs by Class | Donut |
CIs by server type |
| Services with Critically Significant Vulnerabilities | List  |
|
| Non-compliant profiles | Bar  |
Non-compliant controls by profile |
| Control Overview | Bar |
Number of compliant and non-compliant controls |
| Policy Exceptions | List |
Policy exceptions with priority, owner, and short description |
| Risks by Category | Donut |
The number of risks in each category of risk |
| Inherent Risk | Bubble  |
Inherent SLE vs Inherent ARO |
| Residual Risk | Bubble |
Residual SLE vs Residual ARO |
| Moderate, High, and Very High Risks | Scores |
The numbers of moderate, high, and very high risks, respectively |
| Risk by Profile | Stacked Bar |
Risk count where you can select what to group by and what to stack by |
Related Content
- Security Incident Management Premium dashboard
This dashboard uses advanced Platform Analytics visualizations to aid security managers to track the volume, performance and progress of security incidents from initial analysis/detection to containment, eradication, and recovery. The licensed version of Performance Analytics is therefore required.
- Security Incident Management dashboard
With this dashboard, security managers can easily track the volume, performance and progress of security incidents from initial analysis/detection to containment, eradication, and recovery.
- Security Incident Explorer dashboard
With this dashboard, security managers are able to view security incidents summarized and grouped by category, subcategory, location, priority and business impact. These views let managers quickly gain insight into the frequency in which attacks are occurring and which business services are affected.
- Security Operations Efficiency dashboard
Security operations center (SOC) managers can view overall efficiency metrics and measure the individual performance of the SOC team members in the organization.