- April 15, 2021: Updated navigation for the SPM Application.
- April 8, 2020: Download the page as a PDF.
Enterprise Analytics allows you to better understand your Ratings Tree. Use this analytics tool to:
- Understand and monitor the security posture of the parent and subsidiaries of your organization.
- Recognize how subsidiaries affect the security rating of the parent. Refer to How are security ratings calculated for parent and SPM Subsidiary companies?
The Subsidiaries page (formerly known as “Enterprise Performance”) is a heatmap that shows a 6 or 12-month progression of the security performance of your subsidiaries that you are subscribed to.
How to Interpret
The history of the parent company’s security rating is displayed at the top. Sort or apply the filters to get a better understanding of the security posture relationship between the My Company (parent) and your subsidiaries.
- Lens: Security rating or risk types. Each rating category is divided into three ranges.
- Time Period: 6 months or 12 months.
Sort alphabetically either by lens performance or by changes over time.
- Lens performance: See the performance of your selected lens, from worst to best or best to worst.
- Change over time:
- Change Shown – Worst to Best (Negative change over the past month)
- Change Shown – Best to Worst (Positive change over the selected time period)
- Change from Last Month – Worst to Best (Negative change over the past month)
- Change from Last Month – Best to Worst (Positive change over the past month)
The Subsidiary Improvement page (formerly known as “Impact Analysis”) can be used as a guideline for prioritizing your remediation efforts.
How to Interpret
Use the Subsidiary Improvement page as a guideline for prioritizing your remediation efforts. The width of the step gives an idea of the magnitude of impact that the subsidiary/risk vector has on the parent rating.
This list is ordered in a manner that maximizes the potential impact on the security rating of the My Company (parent) if findings within its subsidiaries were remediated and no new findings are observed. The first step produces the most significant impact and so on.
- The light gray band indicates what the rating of the parent company will be if the findings from the previous steps were remediated.
- The blue and dark gray bands represent the impact on the parent rating if the findings were resolved during that step.
- Completing the steps out-of-order may not yield the same impact on the parent. Some steps rely on the completion of the preceding step to garner the level of impact shown on this chart.
- The impact analysis is re-run one time per day. As risk vectors are remediated, the negative findings decay or complete their lifetime, they will move around or drop off from the analysis.
- Since the Security Incidents risk vector cannot be remediated, the projected security rating of the parent might be below 800 if the company has been impacted it.
- Some subsidiary findings are grouped together to have a visible impact (at least 10 points) on the parent rating.