ZCSPM
About the Risk Dashboard
ZCSPM enables organizations to monitor their cloud security posture with more than 2500 security policies. The risk dashboard (Dashboard > Risk) provides insight into your organization's risk posture. ZCSPM uses the ISO 27005 framework to prioritize risk levels based on impact and likelihood. All violated security policies are separated into high, moderate, or low risk enabling you to focus on solving high risk misconfigurations first.
ZCSPM determines your organization's risk posture based on the following two parameters:
- Risk Impact: ZCSPM determines the risk impact for every security policy based on common reasons of past security breaches and cloud security best practices provided by cloud service providers. Risk impact can take any of the following values:
- Very Low
- Low
- Moderate
- High
- Critical
- Risk Likelihood: ZCSPM determines risk likelihood based on the percentage of cloud assets which are failing a certain security policy, the security policy status, and the risk impact. Risk likelihood can take any of the following values:
- Not Likely
- Low
- Moderate
- High
- Certain
Undetermined security policies are policies for which ZCSPM cannot collect configuration metadata.
About the Risk Dashboard Page
The risk dashboard contains the following widgets that present data in interactive charts, so you can instantly jump from a chart to a benchmark such as CSBP for more details:
- Risk Assessed based on CSBP controls shows the total risk controls and number of risk controls across the following:
- High Risk Controls
High risk controls are security policies which have the following risk impact and risk likelihood.
CloseRisk Likelihood Risk Impact Certain Moderate, High, Critical High High, Critical Moderate Critical - Moderate Risk Controls
Moderate risk controls are security policies which have the following risk impact and risk likelihood.
CloseRisk Likelihood Risk Impact Certain Very Low, Low High Very Low, Low, Moderate Moderate Low, Moderate, High Low Moderate, High, Critical Not Likely High, Critical - Low Risk Controls
Low risk controls are security policies which have the following risk impact and risk likelihood.
CloseRisk Likelihood Risk Impact Moderate Very Low Low Very Low, Low Not Likely Very Low, Low, Moderate
- High Risk Controls
- Policy Risk Matrix is based on the ISO 27005 standard which displays the number of security policies and their risk level with color by plotting a matrix of risk likelihood and risk impact. High risk policies are red, moderate risk policies are amber, and low risk policies are yellow. You can click on any field in the matrix. ZCSPM will then redirect you to the Cloud Security Best Practices page where you can view the security policy details pertaining to that risk.
You can view the policy risk matrix for all accounts, but cannot click the fields to view the security policy details.
- Risk Categorization is based on the NIST CSF v1.1 standard which displays the percentage of security policies over high, moderate, and low risk levels for specified categories.
- Risk Level Trend shows the percentage change of high, moderate, and low risk security policies over a week.