The top three graphs in the Governance Dashboard represent the Three Dimensions, which together tell the story of the organization’s cyber risk maturity. They are displayed as separate rings because trends are easier to spot that way, but in fact these functions are intricately linked. Each of the 10 Domains contains controls that are represented in each of the Dimensions. A control can only exist in one Dimension. A high-level summary of each Dimension is below.
Risk Management – This Dimension measures an organization’s formal processes, policies, and methods of identifying risks and entering them into a decision-making framework.
Risk Culture – This Dimension measures how deeply Risk Management principles are propagated into the organization. For example, are Human Resources and Procurement involved in the Risk Management process? If so, to what degree?
Risk Influence – This Dimension measures those same Risk Management principles as they are applied to vendor, supplier, and partner relationships.
As you hover over each outer color, a box will appear with additional information (shown in the picture above). In this example, the box reads "Level 3 - Implemented: 27."
Level - The Levels correlate with the NIST Maturity Levels. These range from 1 to 4 depending on the complexity of the control.
Implemented - The number of controls implemented in each dimension for the listed NIST Maturity Level.