CISO dashboard
The CISO Console is your bird's-eye view of how all the assets in your organization are doing on risk, month after month. Instead of opening one asset at a time, you see the whole estate rolled up against a chosen risk standard — for example, ISO 27001 or GDPR — with a clear picture of where the average risk sits, how many scenarios are above the acceptable threshold, and how those numbers are trending. It's the screen most Information Security and Data Protection leaders open before steering committees, audits, or quarterly reviews.
This page is also a launchpad. From the same screen you can spotlight individual risk scenarios to study them in detail, and — if your role allows it — jump straight into Risk Settings to adjust the threshold that drives all the calculations behind the chart.
How to open it
Open the main left-hand menu and click Asset Risk Treatment → CISO Console. The URL is /ciso.
The CISO Console is available to anyone whose role allows access to the asset risk treatment area — typically CISOs, Information Security Managers and Coordinators, Risk Managers, DPOs, and auditors with read-only access. Some controls on the page (notably the link to edit the threshold) only appear as clickable links if you also have permission to manage risk settings; if you only have read access, you'll see the same information but the link is rendered as plain text.
What you see
The screen opens with a deep blue header bar showing the title Asset Risk Treatment and the subtitle CISO Console. To the right of the title is a standard selector that controls which risk framework (ISO 27001, NIST, GDPR, or any custom standard your organization has configured) the dashboard evaluates against, plus a dedicated search box for narrowing the data feeding the charts.
Below the header, the page is organized as two big stacked cards:
- Risk Monitor — All Assets: the main chart showing the distribution of risk across all your assets, month by month. A small legend on the left explains the colors and markers; the chart on the right shows one stacked bar per month, with an info panel that opens for the bar you select.
- Spotlighted Scenarios: a second card where you can pick specific risk scenarios and see their individual history charts, side by side. Each spotlighted scenario gets its own miniature time series.
If the platform is still loading data, a centered spinner appears while the period plan and monthly summaries are fetched. If the selected standard has no risk model configured yet, you'll see a No data found placeholder instead of the cards.
Working with this screen
Checking your overall risk posture before a steering meeting
When the page opens, the first thing to confirm is that the standard selector at the top right of the header shows the framework you want to report on. If you maintain compliance against several frameworks — for example ISO 27001 for information security and an internal proprietary standard — switching the dropdown reloads the entire dashboard against the new standard's risk model and threshold.
Once the right standard is loaded, look at the Risk Monitor — All Assets card. By default the bar for the current month is already selected (highlighted in light grey), and an info panel slides out to the right showing the key numbers for that month:
- The Risk Trend arrow tells you whether the average residual risk has gone up, stayed flat, or come down compared to the previous month.
- Assets shows how many assets are in scope for that month, and Assets with asset-specific risk management tells you how many of them override the group-level risk model with their own.
- Scenarios above threshold and Scenarios below threshold count the risk scenarios that need attention versus those already in the acceptable zone.
- Scenarios insured and Residual risk(s) accepted summarize how many risks have been transferred via insurance or formally accepted.
- TOMs to be implemented shows how many technical and organizational measures are still pending across the treatment plan.
To compare with last month, simply click the bar to the left of the selected one — the info panel updates instantly. To go further back, use the left chevron (◀) under the chart; if you reach the edge of what's loaded, the platform fetches the next month of history automatically. Use the right chevron (▶) to step forward into projected months — these are months in the future for which residual risk has been forecast based on your current treatment plan, and they're labelled with a small PROJECTION tag under the bar. Projections go up to six months ahead.
Spotlighting a specific risk scenario
When you want to dig deeper than the aggregate picture — for example, to understand how your "ransomware" or "unauthorized data access" scenarios are evolving — scroll down to the Spotlighted Scenarios card.
- Type the name or identifier of the scenario in the search field at the top of the card (the placeholder reads "Spotlight a Scenario by searching the Scenario name or ID."). The system searches as you type, with a brief loading indicator on the right.
- From the dropdown, click the scenario you want to follow. Each option shows a small color bar matching the scenario's average risk category, plus its code and name.
- Once selected, the scenario appears as a small chip directly under the search field, and a brand new chart appears below — a miniature history chart dedicated to that scenario alone, scrollable across months and projections with its own left/right chevrons.
- Click any bar in that mini chart to see the per-scenario info panel: total assets affected, how many are above or below the target, insured scenarios, accepted residual risks, and pending TOMs.
- Add up to five scenarios at the same time to compare them side by side. Each one gets its own row.
- To remove a scenario, click the small X on its chip — its chart disappears immediately.
If a scenario you spotlight has not yet been linked to any asset, the chart is replaced by a small warning row reading "Not applied to any asset". That's a hint that you should go to the Risk Scenarios module and link the scenario to the relevant assets before expecting any time-series data here.
Adjusting the general threshold from the dashboard
The dashed black line crossing each bar, labelled Applicable Threshold in the legend on the left, is the mitigation threshold for the selected standard. Bars sticking above the line are in the above threshold zone (residual risk is unacceptable); bars below are in the below threshold zone (acceptable).
If your role allows you to change risk settings, the General Threshold badge under the legend item is rendered as a clickable link. Clicking it takes you straight to the Risk Settings → Edit Asset Risk page for the standard you're currently viewing, where you can change the threshold value. After saving and returning to the CISO Console, the dashed line will reflect the new threshold across every monthly bar.
If you only have read-only access to risk settings, the same badge appears but as plain text — that's a permission setting, not a screen issue. Ask your administrator to grant you the relevant role if you need to make changes.
Reviewing a quarter for an audit
Auditors typically follow a simple loop on this screen:
- Confirm the standard selector matches the framework in the audit scope.
- Use the left chevron to step back through the last three (or more) months and click each bar in turn.
- For each month, capture the values shown in the info panel: Risk Trend, Scenarios above threshold / below threshold, TOMs to be implemented, and Residual risk(s) accepted.
- If specific scenarios are in scope, spotlight them in the second card and capture their per-scenario timelines too.
Because the screen always shows the current state of the data, your screenshots and notes are guaranteed to be consistent with what other users see at the same moment.
Field reference
The standard selector and the search bar in the header behave as filters that affect everything on the screen:
- Standard — the risk framework against which the dashboard is evaluated. Changing it reloads all charts and info panels using the chosen standard's risk model and threshold. Your last choice is remembered the next time you open the screen.
- Search (header) — narrows the data the dashboard shows to a subset of scenarios, without changing the selected standard. The search is disabled until a standard is picked.
- Spotlight a Scenario (search field in the second card) — filters the catalogue of risk scenarios as you type and lets you add up to five of them to the dashboard. Already-selected scenarios are excluded from the dropdown to avoid duplicates.
The info panel that opens when you click a monthly bar is informational, not editable. Singular vs plural labels (e.g. 1 Asset vs 3 Assets) switch automatically based on the count.
How this connects to the rest of DPMS
The CISO Console is the top of a pyramid of risk-treatment screens. The numbers it displays are computed from data maintained elsewhere in the platform:
- Risk Settings defines the risk model, the categories and colors, and the general threshold for each standard. Without a risk model, the dashboard has nothing to draw — that's exactly the case where you see No data found.
- Risk Scenarios populates the catalogue used by the spotlight search. A scenario only shows time-series data here if it has been linked to at least one asset.
- The Asset and Asset Group modules are where individual assets get linked to scenarios and where asset-specific thresholds can override the general one.
- The Risk Treatment Plan module is where TOMs are tracked, residual risks are accepted, and insurance is recorded — those numbers feed the TOMs to be implemented, Residual risk(s) accepted and Scenarios insured counters in the info panel.
After you finish reviewing on the CISO Console, the natural next steps depend on what you found:
- If many scenarios are above threshold, open the Risk Treatment Plan to add or schedule more TOMs.
- If a specific asset is the source of the problem, open it from the Asset module to inspect its scenarios and apply mitigations directly.
- If the threshold itself feels too tight or too loose, jump into Risk Settings via the General Threshold shortcut.
Tips & common pitfalls
Tip: Always verify the standard selector before reading numbers. Two different standards can produce very different "above threshold" counts on the exact same set of assets.
Heads up: Projections only extend six months into the future. If the right chevron stops working, you've reached the maximum projection horizon — there's no setting on this screen to extend it.
- The current month is pre-selected. When you open the screen, the info panel always shows this month. To compare with last month, click the bar to its left — the chart will not auto-scroll for you.
- "Above" and "below" are relative to the threshold, not to the average. A scenario above threshold needs more attention; below threshold is in the acceptable zone.
- Spotlight is capped at five scenarios. Once five are selected the search dropdown will appear empty. Remove one with its X to add another.
- The threshold link visibility depends on your role. If the General Threshold label is plain text instead of a clickable link, you don't have edit permission for risk settings; that's a role assignment, not a bug.
- "Not applied to any asset" is informational. A scenario can exist in the catalogue without yet being linked to any asset; in that case the dashboard correctly tells you there's no time-series to draw. Go to the Risk Scenarios module to link it before you expect a chart here.
- No risk model = no chart. The most common cause of a No data found screen is a standard whose risk model has never been configured. Switch standards or visit Risk Settings to configure one.