icon-zcspm.svg
ZCSPM

About the Risk Dashboard

ZCSPM enables organizations to monitor their cloud security posture with more than 2500 security policies. The risk dashboard (Dashboard > Risk) provides insight into your organization's risk posture. ZCSPM uses the ISO 27005 framework to prioritize risk levels based on impact and likelihood. All violated security policies are separated into high, moderate, or low risk enabling you to focus on solving high risk misconfigurations first.

ZCSPM determines your organization's risk posture based on the following two parameters:

  • Risk Impact: ZCSPM determines the risk impact for every security policy based on common reasons of past security breaches and cloud security best practices provided by cloud service providers. Risk impact can take any of the following values:
    • Very Low
    • Low
    • Moderate
    • High
    • Critical
  • Risk Likelihood: ZCSPM determines risk likelihood based on the percentage of cloud assets which are failing a certain security policy, the security policy status, and the risk impact. Risk likelihood can take any of the following values:
    • Not Likely
    • Low
    • Moderate
    • High
    • Certain

Undetermined security policies are policies for which ZCSPM cannot collect configuration metadata.

About the Risk Dashboard Page

The risk dashboard contains the following widgets that present data in interactive charts, so you can instantly jump from a chart to a benchmark such as CSBP for more details:

  1. Risk Assessed based on CSBP controls shows the total risk controls and number of risk controls across the following:
    • High risk controls are security policies which have the following risk impact and risk likelihood.

      Risk Likelihood Risk Impact
      Certain Moderate, High, Critical
      High High, Critical
      Moderate Critical
      Close
    • Moderate risk controls are security policies which have the following risk impact and risk likelihood.

      Risk Likelihood Risk Impact
      Certain Very Low, Low
      High Very Low, Low, Moderate
      Moderate Low, Moderate, High
      Low Moderate, High, Critical
      Not Likely High, Critical
      Close
    • Low risk controls are security policies which have the following risk impact and risk likelihood.

      Risk Likelihood Risk Impact
      Moderate Very Low
      Low Very Low, Low
      Not Likely Very Low, Low, Moderate
      Close
    You can also view the percentage of change in risk controls from the ZCSPM's last configuration metadata scan. If you'd like to be notified when ZCSPM detects a drift in your organization's risk posture, see Creating Drift Notifications.
  2. Policy Risk Matrix is based on the ISO 27005 standard which displays the number of security policies and their risk level with color by plotting a matrix of risk likelihood and risk impact. High risk policies are red, moderate risk policies are amber, and low risk policies are yellow. You can click on any field in the matrix. ZCSPM will then redirect you to the Cloud Security Best Practices page where you can view the security policy details pertaining to that risk.

You can view the policy risk matrix for all accounts, but cannot click the fields to view the security policy details.

  1. Risk Categorization is based on the NIST CSF v1.1 standard which displays the percentage of security policies over high, moderate, and low risk levels for specified categories.
  2. Risk Level Trend shows the percentage change of high, moderate, and low risk security policies over a week.

View ZCSPM's Risk Dashboard and the available widgets.

Related Articles
About the Compliance DashboardAbout the Risk DashboardAbout the Asset Security Dashboard