PII vulnerability exposure
Use the PII vulnerability exposure dashboard in Risk Monitor to get an overview of your organization's exposure to vulnerabilities present within applications that could contain personally identifiable information (PII).
Description
The charts show the distribution of vulnerabilities between PII types, like for example financial information or location data, allowing you to focus on PII types of special concern to your organization.
You can filter the data to focus on the PII vulnerability status of a certain parameter All key figures, charts, and tables will adjust to show the results filtered by the selected parameter. Use the filters to focus on, for example:
-
A specific vulnerability (CVE ID); if it is connected to a PII risk application present in your organization, and if so, what devices are affected.
-
A specific application in your organization; if it is a vulnerable PII risk application, and if so, what devices are affected.
-
A specific device in your organization; if it has any vulnerable PII risk applications installed, and if so, details of the applications, like name and PII type classification.
-
A specific user in your organization; if the user has access to any vulnerable PII risk applications, and if so, details of the applications, like name and PII type classification.
-
All PII risk vulnerabilities within a specific department in the organization.
-
All vulnerable PII risk applications that have been accessed by unauthorized users.
Related use cases
For information on related uses cases, see the following sections:
Characteristics
You can refer to the tables below for descriptions of the key figures, filters, charts, and tables on the dashboard.
Key figures
The key figures give a quick overview of the status of your IT estate's exposure to vulnerabilities in PII risk applications.
Key figure | Description |
---|---|
Vulnerable PII risk devices | The number of devices with at least one vulnerable PII risk application installed. |
Vulnerable PII risk applications | The number of vulnerable PII risk applications. |
PII application vulnerabilities | The total number of vulnerabilities found in PII risk applications. |
Filters
Use one or more filters to focus on specific aspects of your IT estate's exposure to PII software vulnerabilities. All the key figures, charts, and tables on the dashboard will adjust to show the results filtered by the selected parameter or parameters.
Filter | Description |
---|---|
Application name | Select an application from the list of vulnerable applications to see if it is a PII risk application. The charts will show the PII type classification for the vulnerability. The table PII application details will list all devices with the vulnerable PII risk application installed. If the application is not a PII risk application, the page will show blank results. Tip: Right-click the number in the Application vulnerabilities column and select Drill through > Vulnerability reference to reach links to security updates and patches for the vulnerabilities. |
Organization | Select an organizational unit from the list to see its exposure to PII software vulnerabilities. |
User authorised | Select False to see if any unauthorized users have accessed vulnerable PII risk applications. An unauthorized user breaches the rules for accessing applications that have been set on the Intended access page. |
User | Select a user from the list to see if any vulnerable PII risk applications are installed on devices connected to that user. |
CVE ID | Select a CVE ID from the list to see if the vulnerability connected to the CVE ID concerns a PII risk application that is present in your organization. The charts will show the PII type classification for the vulnerability. The table PII application detail will list all devices containing the vulnerability. If the vulnerability does not concern a PII risk application, the dashboard will show blank results. Tip: Right-click the figure in the Application vulnerabilities column and select Drill through > Vulnerability reference to reach links to security updates and patches for the vulnerabilities. |
Device name | Select a device name from the list to see if any vulnerable PII risk applications are installed on the device. The table PII application details will list all vulnerable PII risk applications installed on the device. If no vulnerable PII risk applications are installed on the device, the dashboard will show blank results. |
Charts
The charts show the distribution of vulnerabilities between PII types.
You can select a bar in a chart to focus on a certain aspect of a specific PII type, for example, applications that may contain financial information or critical vulnerabilities in applications that may contain location data. All the key figures, charts, and tables on the page will adjust to show the results filtered by the selected item.
Chart | Description |
---|---|
Vulnerable devices - by PII type | Groups the vulnerable PII risk devices by PII type. Each device can belong to more than one PII type. |
Vulnerable applications - by PII type | Groups the vulnerable PII risk applications by PII type. Each application can belong to more than one PII type. |
Vulnerabilities - by PII type | Groups the PII application vulnerabilities by PII type. For each PII type, the number of vulnerabilities are divided by base severity. |
Tables
Use the table to look up details about vulnerable PII risk applications in your IT estate.
Select a column header to sort the table by that column.
Table | Description |
---|---|
PII application details | Unfiltered, the table includes all vulnerable PII risk applications in your IT estate. The following details are shown in the table:
|