All charts, except for custom charts, are generated based on certain indicators calculated from the data extracted from projects and events. Calculation of these indicators may take filters into account that limit the universe of data used or use dimensions to group the results. A chart is assembled based on selection of an indicator and a dimension, together with the filters and format.
Indicators are always expressed as numeric values (absolute numbers or percentages) and represent various metrics used in the system, such as the PSR and the Compliance Index. For example: PSR 125, 64% Compliance Index. A dimension, in turn, is a way to consolidate indicators. For example, to view the PSR distribution by asset type, the PSR is the indicator and the asset type is the dimension. The system displays the possible dimensions by which each indicator can be grouped. To view greater or less detailed values (that is, to obtain results in values grouped more or less), the system allows drill-downs when applicable.
In addition to the dimension, the Dashboard module also allows filters to be applied when creating charts. A filter is a restriction on what you want to see in relation to everything that could be displayed in a chart. For example, you can generate a chart with the PSR distribution by asset type, and this chart could be a pie chart with 4 slices, one for each type of asset. A filter can then be applied to this chart so that you can determine that only 3 of the 4 types of assets will be included. The new pie chart would then only display three slices, one for each asset type selected in the filter. In other words, applying filters does not change the indicator or the dimension, but it does affect the chart and the resulting values.
Note that the chart types available for each chart depend on the indicator selected. For details, see Chapter 9: Dashboard -> Chart Gallery -> Chart Types.
The indicators available for risk charts are listed below:
• Control Index: indicates the relationship between the total number of implemented controls and the total number of applicable controls. Thus, the Control Index = total implemented controls / total applicable controls x 100%.
• Controlled PSR: indicates the PSR sum for the implemented controls, represented by a whole number greater than or equal to one.
• Gap Index: indicates the relationship between the total number of non-implemented controls and the total number of applicable controls. Thus, the Gap Index = total non-implemented controls / total applicable controls x 100%.
• Identified PSR: indicates PSR sum for the non-implemented controls, represented by a whole number greater than or equal to one.
• Non-Applicable PSR: indicates PSR sum for the non-applicable controls, represented by a whole number greater than or equal to one.
• Number of Implemented Controls: indicates the number of implemented controls for the asset components analyzed or those matching the filter that was set, represented by a whole number greater than or equal to zero.
• Number of Non-Applicable Controls: indicates the number of non-applicable controls for the asset components analyzed or those matching the filter that was set, represented by a whole number greater than or equal to zero.
• Number of Non-Implemented Controls: indicates the number of non-implemented controls for the asset components analyzed or those matching the filter that was set, represented by a whole number greater than or equal to zero.
• Risk Index: indicates the relationship between the total PSR of the non-implemented controls and the total PSR of the applicable controls. Thus, the Risk Index = PSR sum of the non-implemented controls / PSR sum of the applicable controls x 100%
• Security Index: indicates the relationship between the total PSR of the implemented controls and the total PSR of the applicable controls. Thus, the Security Index = PSR sum of the implemented controls / PSR sum of the applicable controls x 100%.
The dimensions available for risk charts are listed below:
• Asset: consolidates the indicator selected by asset.
• Asset Component: consolidates the indicator selected by asset component.
• Asset Type: consolidates the indicator selected by asset type.
• Control: consolidates the indicator selected by control.
• Grouping: consolidates the indicator selected by control grouping.
• Knowledge Base: consolidates the indicator selected by knowledge base.
• Perimeter: consolidates the indicator selected by perimeter.
• Strategic Business Component: consolidates the indicator selected by strategic business component.
• Tactical Business Component: consolidates the indicator selected by tactical business component.
• Threat: consolidates the indicator selected by threat.
• Threat Source: consolidates the indicator selected by threat source.
The indicators available for vulnerability charts are listed below:
• Number of Vulnerabilities: indicates the number of vulnerabilities identified in an asset processed in risk projects.
• Risk Score: measures the risk associated with vulnerabilities identified by external scanners. The formula used to calculate this score can be viewed and customized in the Risk Score section of the Administration module.
The dimensions available for vulnerability charts are listed below:
• Asset: consolidates the indicator selected by asset (person, process, technology, environment, or custom types).
• Category: consolidates the indicator selected by vulnerability category.
• Level: consolidates the indicator selected by vulnerability level.
• Perimeter: consolidates the indicator selected by perimeter.
• Source: consolidates the indicator selected by vulnerability source.
• Status: consolidates the indicator selected by vulnerability status.
• Strategic Business Component: consolidates the indicator selected by strategic business component.
• Tactical Business Component: consolidates the indicator selected by tactical business component.
• Type: consolidates the indicator selected by type of vulnerability.
• Vulnerability: consolidates the indicator selected by vulnerability name.
The indicators available for compliance charts are listed below:
• Compliance Index: displays the compliance indicator measured for a certain compliance project. The Compliance Index represents how much the organization respects or is in compliance with a certain requirement. The closer this value is to 100%, the greater the organization is in accordance with the requirements in question. This index is represented as a percentage.
• Number of Objects: displays the number of objects analyzed in a compliance project.
The dimensions available for compliance charts are listed below:
• Authoritative Document: consolidates the indicator selected by authoritative document.
• Requirement: consolidates the indicator selected by requirement.
The indicator available for Workflow event charts is:
• Number of Events: indicates the number of events.
The dimensions available for Workflow event charts are:
• Asset: displays the number of events by asset.
• Author: displays the number of events by author.
• Coordinator: displays the number of events by coordinator.
• Event Type: displays the number of events by event type.
• First Reviewer: displays the number of events by reviewer.
• Relevance: displays the number of events by relevance.
• Responsible: displays the number of events by responsible.
• Second Reviewer: displays the number of events by second reviewer.
• Severity: displays the number of events by severity.
• Status: displays the number of events by status (Open, Cancelled, or Closed).
• Strategic Business Component: displays the number of events by strategic business component.
• Tactical Business Component: displays the number of events by tactical business component.
• Third Reviewer: displays the number of events by third reviewer.
• Urgency: displays the number of events by urgency.
• USR Level: displays the number of events by USR Level.