The Rating Details page [ Organization ➔ Rating Details] in the Security Performance Management application breaks down your My Company’s or a selected subsidiary’s risk by risk type. It provides detailed summary charts for particular risk vectors.
- Go to a risk vector section to either get more information about the risk vector in the Knowledge Base or to the entity’s
Findings Table, filtered for that risk vector.
- Select the
More Information option for a summary of the kind of information observed by each risk vector, including how they are assessed, how the data for that risk vector is collected, the associated risks, and the recommended remediation for that risk vector.
Components
Compromised Systems
Indicates the presence of malware or unwanted software, which is evidence of security controls failing to prevent malicious or unwanted software from running within an organization.
The comparison of Compromised System rates to industry categories.
Diligence
The Diligence chart shows:
- The overall trend and progress of finding grades by Diligence risk vector.
- A count of historic Diligence risk vector findings by finding grade.
- The direction of the trend, highlighting if remediation efforts are making a difference, before the rating or risk vector letter grade changes.
User Behavior
Shows employee activity, such as file sharing and credentials exposed in breaches or other types of leaks that may be at risk.
- Exposed Credentials [standard] – View and download Exposed Credentials data.
- Identity Intelligence Preview – The Identity Intelligence Preview card detects and provides, on average, more credentials than the standard Exposed Credentials data. Identity Intelligence also supports password policy filtering, email exclusions, and correlation with identity providers (IdP).
Public Disclosures
Possible incidents of undesirable access to a company’s data, including breaches, general security incidents, and other disclosures.
Actions
Download Exposed Email Addresses
Download exposed email addresses (Exposed Credentials data) for your My Company and My Subsidiary.
Instructions:
- Select
Download Credentials at the top-right of the Exposed Credentials section.
- Select the observation time period to include for the download. Include credentials that were observed to be exposed (Observation Date/
observation_date) within the last:
- 1 month
- 3 months
- 6 months
- 12 months
- Confirm by selecting Download.
Download Progress Over Time
Download a CSV of your progress on remediating Diligence findings.
Instructions: Select
Identity Intelligence Preview
View the Identity Intelligence Preview card.
Instructions: Go to the Exposed Credentials section within the User Behavior risk category.
Learn More About the Risk Vector
Instructions: Select the
View Findings
Select the View Findings button below the risk vector description.
Reports
Select the Reports button at the top-right for the following reporting actions:
- Export Page PDF
- Download Rating Details as a PDF file.
- Download Company Report
- Get an overview of a company’s security performance, a summary of the findings, and comparisons to industry averages.
- Company Preview Report
-
A synopsis of a company’s performance compared to its industry peers.
Available for all subscriptions except Risk Monitoring.
- Download Risk Summary Report
- Highlights the worst performing, critical areas for this company relative to Bitsight-recommended peers, which are composed of 100 of the most similar peers based on industry, description, and size.
- NIST CSF Report
- A high-level summary of an organization's compliance with the US National Institute of Standards and Technology's cybersecurity Framework using Bitsight data as evidence.
- ISO/IEC 27001 Report
- A high-level summary of the selected company’s compliance with ISO/IEC 27001:2013 using Bitsight data as supporting evidence for compliance.
- March 25, 2025: Identity Intelligence Preview card.
- February 10, 2025: Added available actions.
- October 29, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.