Skip to main content

PII vulnerability exposure

Use the PII vulnerability exposure dashboard in Risk Monitor to get an overview of your organization's exposure to vulnerabilities present within applications that could contain personally identifiable information (PII).

Description

The charts show the distribution of vulnerabilities between PII types, like for example financial information or location data, allowing you to focus on PII types of special concern to your organization.

You can filter the data to focus on the PII vulnerability status of a certain parameter All key figures, charts, and tables will adjust to show the results filtered by the selected parameter. Use the filters to focus on, for example:

  • A specific vulnerability (CVE ID); if it is connected to a PII risk application present in your organization, and if so, what devices are affected.

  • A specific application in your organization; if it is a vulnerable PII risk application, and if so, what devices are affected.

  • A specific device in your organization; if it has any vulnerable PII risk applications installed, and if so, details of the applications, like name and PII type classification.

  • A specific user in your organization; if the user has access to any vulnerable PII risk applications, and if so, details of the applications, like name and PII type classification.

  • All PII risk vulnerabilities within a specific department in the organization.

  • All vulnerable PII risk applications that have been accessed by unauthorized users.

For information on related uses cases, see the following sections:

Characteristics

You can refer to the tables below for descriptions of the key figures, filters, charts, and tables on the dashboard.

Key figures

The key figures give a quick overview of the status of your IT estate's exposure to vulnerabilities in PII risk applications.

Key figureDescription
Vulnerable PII risk devicesThe number of devices with at least one vulnerable PII risk application installed.
Vulnerable PII risk applicationsThe number of vulnerable PII risk applications.
PII application vulnerabilitiesThe total number of vulnerabilities found in PII risk applications.

Filters

Use one or more filters to focus on specific aspects of your IT estate's exposure to PII software vulnerabilities. All the key figures, charts, and tables on the dashboard will adjust to show the results filtered by the selected parameter or parameters.

FilterDescription
Application nameSelect an application from the list of vulnerable applications to see if it is a PII risk application.
The charts will show the PII type classification for the vulnerability.
The table PII application details will list all devices with the vulnerable PII risk application installed.
If the application is not a PII risk application, the page will show blank results.
Tip: Right-click the number in the Application vulnerabilities column and select Drill through > Vulnerability reference to reach links to security updates and patches for the vulnerabilities.
OrganizationSelect an organizational unit from the list to see its exposure to PII software vulnerabilities.
User authorisedSelect False to see if any unauthorized users have accessed vulnerable PII risk applications.
An unauthorized user breaches the rules for accessing applications that have been set on the Intended access page.
UserSelect a user from the list to see if any vulnerable PII risk applications are installed on devices connected to that user.
CVE IDSelect a CVE ID from the list to see if the vulnerability connected to the CVE ID concerns a PII risk application that is present in your organization.
The charts will show the PII type classification for the vulnerability.
The table PII application detail will list all devices containing the vulnerability.
If the vulnerability does not concern a PII risk application, the dashboard will show blank results.
Tip: Right-click the figure in the Application vulnerabilities column and select Drill through > Vulnerability reference to reach links to security updates and patches for the vulnerabilities.
Device nameSelect a device name from the list to see if any vulnerable PII risk applications are installed on the device.
The table PII application details will list all vulnerable PII risk applications installed on the device.
If no vulnerable PII risk applications are installed on the device, the dashboard will show blank results.

Charts

The charts show the distribution of vulnerabilities between PII types.

You can select a bar in a chart to focus on a certain aspect of a specific PII type, for example, applications that may contain financial information or critical vulnerabilities in applications that may contain location data. All the key figures, charts, and tables on the page will adjust to show the results filtered by the selected item.

ChartDescription
Vulnerable devices - by PII typeGroups the vulnerable PII risk devices by PII type.
Each device can belong to more than one PII type.
Vulnerable applications - by PII typeGroups the vulnerable PII risk applications by PII type.
Each application can belong to more than one PII type.
Vulnerabilities - by PII typeGroups the PII application vulnerabilities by PII type. For each PII type, the number of vulnerabilities are divided by base severity.

Tables

Use the table to look up details about vulnerable PII risk applications in your IT estate.

Select a column header to sort the table by that column.

TableDescription
PII application detailsUnfiltered, the table includes all vulnerable PII risk applications in your IT estate.
The following details are shown in the table:
  • Application name: The name of the vulnerable PII risk application.
    If an application is installed on several devices, the application name occurs in multiple rows, with one row for each device.
  • Device name: The name of the device with the vulnerable PII risk application installed.
    If a device contains several vulnerable PII risk applications, the device name occurs in multiple rows—one for each application.
  • Device type: The type of device.
  • Has Antivirus: If antivirus protection is installed on the device or not (True/False).
  • Has Filesharing: If the device is connected to a file-sharing service or not (True/False).
  • Has VPN: If the device is connected to a VPN service or not (True/False).
  • Run (count): The number of times the application has been run on the device.
  • Per run (min): The average number of minutes per run for the application on the device.
  • Application vulnerabilities: The number of vulnerabilities found in the application.