Vulnerability Management CISO dashboard
With the Vulnerability Management CISO dashboard, view data such as Key Performance Metrics (KPIs) for vulnerability remediation, see the highest risks, verify scan coverage, and learn how to lower risks.
Required ServiceNow AI Platform roles
- sn_vul.vulnerability_ciso to view the dashboard.
- sn_vul.ciso_write to edit the dashboard.
Activating the CISO dashboard
To activate the CISO dashboard, you must install Performance Analytics for Vulnerability Response and activate the corresponding Performance Analytics job. For more information, see Analytics and Reporting Solutions for Vulnerability Response.
Use cases
| User | Dashboard use |
|---|---|
| Chief Information Security Officers (CISOs) | Chief Information Security Officers (CISOs) can use the CISO dashboard to gain
insight into the vulnerability management program for their organizations. The dashboard provides data to help them identify data at-a-glance how they can use to lower the vulnerabilities to their environments. |
Using the CISO dashboard
Executive users, like the Chief Information Security Officers (CISOs) in your organization, can view the CISO dashboard for Vulnerability Response to understand how effective their vulnerability management program is. You can view the CISO dashboard by navigating to . Use the top-level filters to filter reports by Risk Rating, Age Range, or Internet Facing. Some reports display trending data over a period of time. You can view how the important metrics are trending on a regular basis, analyze the overall business security risk, and identify the areas that need improvement.
Running the scheduled jobs
- Update dashboard tables
- [PA VR] CISO Dashboard
| Scheduled job name | Description |
|---|---|
| Update dashboard tables | Daily scheduled job that you must run before the [PA VR] CISO Dashboard job
so that you can collect the CISO data. By running this scheduled job, you update
the Scan Coverage reports. The information updated includes the operational configuration items (CIs) that are scanned in the last 90 days, their classes, and the total number of operational CIs that correspond to these classes. Running this scheduled job updates the reports in the Recommended Actions tab as well. Note: Operational CIs refer to the CIs
that have an operational status as Operational. |
| [PA VR] CISO Dashboard | After the Update dashboard tables scheduled job is complete, run this scheduled job to populate all the reports in the CISO Overview tab. |
CISO dashboard tabs
This dashboard provides an insight into the risks present in Vulnerability Management. You can view vulnerabilities and their related data by region, age, services, and other breakdowns.
The Overview tab contains reports that provide the security posture of your organization at a glance.
The Recommended Actions tab contains reports that provide insights into exploitable, aging, and prevalent vulnerabilities. It also contains solutions that recommend actions to reduce the risks. Run the Update CISO dashboard tables scheduled job to update the reports in this tab.
Indicators
- On the Indicators page, search for the required indicator name in the Name column.
- Click the indicator name to open the record and view its details.
The indicators for the CISO dashboard do not collect records by default. You can choose to collect records by selecting the Collect records check box.
- Total Duration of Closed Vulnerable Items
- Total Duration of Closed VIs is measured daily as Days. The goal of this indicator is to minimize the score.
- Scannable Assets
- Scanned Assets is measured daily as unit #. The goal of this indicator is to maximize the score.
- Services with Most Vulnerabilities
- Services with Most Vulnerabilities is measured daily as unit #. The goal of this indicator is to minimize the score.
- Average Vulnerabilities per Asset
- [[Active Vulnerable Items]] / [[Active Vulnerable Configuration Items]
- Closed Vulnerable Items
- Closed Vulnerable Items is measured daily as unit #. The goal of this indicator is to maximize the score.
- Vulnerable Items Mean Time to Remediate
- [[Summed Duration of Closed Vulnerable Items]] / [[Closed Vulnerable Items]]
- Current Scan Coverage
- Calculates the current scan coverage as percentage.
- Scanned Assets
- Scanned Assets is measured daily as unit #. The goal of this indicator is to maximize the score.
- Closed Vulnerable Items (Target Met)
- Closed Vulnerable Items (Target Met) is measured daily as unit #. The goal of this indicator is to maximize the score.
- % of Closed Vulnerable Items that Met Target
- [[Closed Vulnerable Items (Target Met) / By month SUM]] / [[Closed Vulnerable Items / By month SUM]] *100
- Active Vulnerable Items
- Active Vulnerable Items is measured daily as unit #. The goal of this indicator is to minimize the score.
- Average Age of Vulnerable Items
- Average Age of Active VIs is measured daily as unit Days. The goal of this indicator is to minimize the score.
- Active Vulnerable Configuration Items
- Active Vulnerable CIs is measured daily as unit #. The goal of this indicator is to minimize the score.
- Monthly Remediation Efficiency
- [Number of vulnerable items closed during a month] / [Number of new or reopened vulnerable items in the same month]
- New Vulnerable Items
- New Vulnerable Items is measured daily as unit #. The goal of this indicator is to minimize the score.
- Deferred Vulnerable Items
- Deferred VIs is measured daily as unit #. The goal of this indicator is to minimize the score.
Breakdowns
- Assignment Group: Applies to some VI reports.
- Risk Rating: Applies to VI reports.
- Age Range: Applies to VI reports.
- Age Closed: Applies to reports for closed VIs.
- Internet Facing: Indicates whether the CI belongs to the hardware class and is internet facing.
- Region: The CMDB CI parameter used is Location. This location indicates the country of origin of the configuration item.
Data visualizations
| Name | Type | Description |
|---|---|---|
| Average Vulnerabilities per Asset | Single Score  |
Average number of active vulnerable items for each configuration item. |
| Mean Time to Remediate (MTTR) | Single Score |
The mean time to remediate (close) a vulnerable item, displayed as a 30-day
running average. Note: The value for Age Closed is calculated when data is
collected. The value is the difference between the Last Opened date and the date
and time of the collection job. |
| Average Age of Vulnerabilities | Single Score |
Average age of active vulnerable items in days. |
| Services with Most Vulnerabilities | List and Line
 |
Monthly average of active vulnerable items for services in the
organization. Note: For information on defining the service classifications that
you want to display in Vulnerability Response reporting and related lists, see
the Services tab in Vulnerability Management
[PA] dashboard. |
| Countries with Most Vulnerabilities | Donut |
Top 10 countries with the highest number of vulnerable items. |
| Monthly Remediation Efficiency | Single Score |
Percentage of closed vulnerable items divided by new vulnerable items in the current month. |
| New and Closed Vulnerable Items | Bar  |
Number of new vulnerable items imported and number of vulnerable items closed in a month. |
| Scan Coverage | Line |
Number of scanned assets compared to the total number of scannable assets,
shown over time. The CI Classes included in the widget are specified in the Scan
Coverage Configuration module. For information on configuring the Scan Coverage module, see Configure the Scan Coverage reports. |
| Monthly Scan Coverage | Single Score |
Percentage of scanned assets divided by the total number of scannable assets
for the current month. For information on configuring the Scan Coverage module, see Configure the Scan Coverage reports |
| Top 10 Assignment Groups with Most Deferred Vulnerabilities | List and Line
|
Top 10 assignment groups with the highest number of deferred vulnerable items, deferred based on the monthly average. |
| Top 10 Assignment Groups with Lowest Remediation Target Adherence | List and Line
|
Top 10 assignment groups whose vulnerable items have the lowest adherence to their remediation targets. |
| Name | Type | Source table | Description |
|---|---|---|---|
| Top 10 Vulnerabilities with Exploits Available | List |
Vulnerability Top Item [sn_vul_analytics_top_item] | Active vulnerabilities with exploits available for all the threat intelligence vendors that use the VR exploit framework. |
| Top 10 Highest Impact Solutions | List |
Vulnerability Top Item [sn_vul_analytics_top_item] | Preferred solutions or patches with the highest risk scores for active vulnerable items. This report uses the capabilities of Vulnerability Solution Management (VSM), which correlates patches from Microsoft and Red Hat to vulnerabilities in the environment. VSM helps identify the preferred solution for vulnerabilities. |
| Top 10 Oldest Vulnerable Items | List |
Vulnerability Top Item [sn_vul_analytics_top_item] | Active vulnerable items with the highest age. Resolve these items to lower the average vulnerability age on the Overview tab. |
| Top 10 Vulnerabilities Most Prevalent on Assets | List |
Vulnerability Top Item [sn_vul_analytics_top_item] | Active vulnerable items available for the highest number of assets. |