Overview of the Overall Risk Dashboard

The Overall Risk Dashboard, provides a comprehensive overview of the security status within a selected customer or organization (instance). This dashboard collects and presents unique data about the customer, as reported by the onsite sensor and hosted in CYRISMA’s cloud infrastructure.

To begin viewing data in the Overall Risk Dashboard, at least one sensor or agent must be set up within the chosen organization.

Risk Grading

Overall Risk Score

The Overall Risk Score reflects the combined security posture of the instance, based on:

• Data Sensitivity
• Vulnerability
• Secure Baseline
• Compliance

Scores are displayed for Current Period and Previous Period and can be set to monthly or quarterly spans via Admin > System Config > Risk Grade Span.

Each scan contributes to the overall risk score:

• Data Sensitivity: Measures sensitive vs. non-sensitive data and severity ratings.
• Vulnerability: Based on documented CVEs and severity.
• Secure Baseline: Configuration against security benchmarks (e.g., CIS).
• Host Integrity: Based on active file monitoring alerts and response.

Financial Risk Impacts

The Financial Risk Impacts section provides a financial overview of potential risks to the organization, covering:

Dark Web Value of Sensitive Data: Click on the DARK WEB OF YOUR SENSITIVE DATA box to see a 90-day overview of sensitive data categories discovered and their estimated worth on the dark web. You can further drill down by time spans to view details on the categories, file counts, hits, and associated monetary value.

Recovery Cost if Hit with Ransomware: Click on the RECOVERY COST IF HIT WITH RANSOMWARE box to review potential costs of a ransomware incident, including computer recovery, employee downtime, and data valuation on the dark web. Note that this estimate doesn’t include lost sales or business.

Breach Notification Cost: Click on the BREACH NOTIFICATION COST box to view cost estimates for breach notifications by data category. Drill down into individual breach types (e.g., social security numbers) to understand specific costs per category.

Residual Risk Cost: The RESIDUAL RISK COST calculator helps identify ways to further reduce residual risk. Answer specific questions about risk mitigation practices and update the status to "yes" once solutions are implemented, reducing the residual cost displayed.

Monitoring & Reporting

Compliance Tracker

The Compliance Tracker monitors compliance with various regulatory requirements. Dive into individual requirements to determine compliance status. Select non-compliant requirements to see reasons, such as incomplete mitigation plans. Completing these tasks updates compliance status automatically.

Security Program KPI

The Information Security Program KPI evaluates risk reduction and mitigation plan performance over time:

• Performance Index: Shows overall risk trend.
• Risk Reduction Index: Tracks progress against mitigation goals.

Click VIEW SNAPSHOT to see a detailed breakdown of metrics, open plans, and completion rates.

Target Risk Matrix

The Target Risk Matrix displays a breakdown of risk scores by asset type (e.g., desktop, server), providing an impact, likelihood, and overall risk summary per target. Generate a detailed matrix for a granular view of data sensitivity, vulnerabilities, and risk grades for each target.

Risk Trend

The Risk Trend visualizes each risk group’s performance (sensitivity, vulnerability, baseline) over time with an A-F grade scale. Use the line chart to track changes in each category and toggle categories as needed.

Running Scans

The Running Scans display provides an at-a-glance view of ongoing scan activities across the organization.

Assigned Mitigation Plans

The Assigned Mitigation Plans section displays all open mitigation plans, showing assigned users, due dates, and progress for each plan.