What is our security score?
The business question What is our security score? provides a high level overview of the application risk assessment. It helps identify the most critical applications based on their CIA score ( Confidentiality, Integrity, Availability). This business question ensures that your application portfolio meets the most important protection goals for IT security and helps your enterprise comply with regulations by identifying yet-to-be assessed applications so that you can initiate activities to capture the required compliance data.
The license package IT Transformation Server - Enterprise is required to work with this business question.
Use the method that is most convenient for you:
- In the left navigation panel, enter What is our security score? in the Search Navigation field.
- In the left navigation panel, click Home. In the content area, go to the Business Questions page and click the tile for What is our security score?
- In the left navigation panel, expand the sections Business Questions and Risk and click What is our security score?
The business question shows a bar chart and data set showing risk assessment of applications based on their CIA score ( Confidentiality, Integrity, Availability). The CIA score is based on the following indicator types:
- Confidentiality: The level of criticality that the application prevents unauthorized access to sensitive information.
- Integrity: The level of criticality that the application data is authentic and trustworthy.
- Availability: The level of criticality that the application is consistently and readily accessible for authorized parties.
- The Application CIA Rating Distribution chart shows the number of applications for the Confidentiality, Integrity, and Availability indicators. The following values are displayed:
- Critical: Indicates that the level of criticality regarding the application's respective confidentiality, integrity, and available is extremely important for the application.
- Essential: Indicates that the level of criticality regarding the application's respective confidentiality, integrity, and available is very important for the application.
- Not Critical: Indicates that the level of criticality regarding the application's respective confidentiality, integrity, and available is not important for the application.
- Undefined: Indicates that the level of criticality is not defined for the application's respective confidentiality, integrity, and available. These application's pose a potential security risk since an accurate CIA score is unknown.
- Point to a bar to view a tooltip with the indicator name, number of applications, and indicator value. Click a bar to open an Application Security Score data workbench showing the applications represented by the bar. You can edit the values for the Confidentiality, Integrity, Availability indicators.
- The Application Security Score data set lists all applications and their CIA scores. Review and edit the values for the Confidentiality, Integrity, Availability indicators. Use the features of the data workbench to slice-and-dice your data to focus on data and do the analyses you are interested in.
Applications must be in the repository and well-documented For each application, the indicators Confidentiality, Integrity, Availability should be defined to have meaningful data this business question.
Go to the Data Quality page and resolve the issues to ensure that the data is complete.
Go to the Data Source page to review the applications that are used to answer the business question. The data source is a list report and cannot be edited.