- June 5, 2023: Updated to include Control Insights capabilities.
- November 15, 2021: Updated link to the Reports page.
- July 26, 2021: Published.
The Performance Summary report is a customizable PowerPoint presentation that summarizes a company’s Bitsight Security Rating, control performance, operational metrics, and the Bitsight users monitoring them.
The report provides industry and benchmark context to facilitate conversations with executive stakeholders. Text comments can be added to the report after it is downloaded to easily include details of actions taken throughout the period of the report.
The report uses data from the last six months to create five slides, covering:
- Rating change data compared with your peer group and company benchmarks
- The number of companies monitoring your Bitsight rating over time and the industry breakdown of those companies
- A summary of selected Control Insights data
- A breakdown of Compromised System events, File Sharing activity, and overall Diligence risk vector grades.
- A summary of findings for Diligence risk vectors (except Patching Cadence and Mobile Application Security)
- Available for Security Performance Management.
- This report does not support the Patching Cadence and Mobile Application Security risk vectors.
Generating the Report
- Locate the Performance Summary card on the Reports page in the SPM app.
- Mouse over the card and select Create. This opens a configuration window.
- Use the Company dropdown to select a target company for the report. This company can be your My Company or one of your subsidiaries.
- On the Peer Comparison tab, choose one of the following options:
Select Configured Peer Group to pull peer comparison data directly from the Peer Analytics feature based on your report configuration. This option is only available if you have access to Peer Analytics.
If your company selection in this report is different from your company selection in Peer Analytics, you will receive data for the default Automated Peer Group (Default Industry & Similar Employees).
- Select Industry to compare your company to others in an industry.
- Select Ranking to compare your company to others in an established ranking category.
- Select Next.
- On the Benchmarking tab, select which companies to include in the report.
- Select Add Company to choose a company to benchmark against. You can select up to 7.
- Select the Edit or Delete icons to adjust the companies in the list.
- Select Next.
- On the Control Insights tab, configure how your controls and insights are presented in the report.
This slide is optional. You may choose to remove it during report generation.
- Select which Control Framework to use in the report.
- Select up to three insights to include in the report.
- To pick a different insight, click the Edit button. Open the dropdown list, scroll to the insight you'd like to include, and select it.
- To remove an insight from the report, click the Delete button.
- To add an insight to the report, select Add Insight.
- On the Risk Vector Performance tab, select up to four Diligence risk vectors to include in the report.
Default: TLS/SSL Certificates, TLS/SSL Configurations, Open Ports, and Web Application Headers.
- Select Add Risk Vector to choose another risk vector from the dropdown. This option only appears if you have chosen less than four risk vectors.
- Select the Edit icon to swap to a different risk vector.
- Select the Delete icon to remove a risk vector.
- Click and drag the grab handle icon to reorder the risk vectors.
- Confirm your selections and select Create Report.
Once created, you may download and save it to run in the future, without having to repeat the configuration, or schedule it to be emailed to you on a periodic basis.
There is no in-browser preview available for the Performance Summary report.
Adding Comments to Finish the Report
Once downloaded, you can open the report and add commentary in pre-positioned and formatted text boxes. A comment noting the position of the company’s rating, relative to the selected benchmark competitors, is pre-populated. Insert comments in the text boxes.
Commentary could include a summary of the data in the charts or specifics of the actions taken and planned to improve security performance. If you do not wish to add comments, the comment boxes can be easily removed from the presentation.