Glossary

Security teams use metrics called risk indicators or key risk indicators (KRIs) to measure the company’s cyber risk and prioritize remediation and mitigation efforts. Risk indicators include things like common vulnerabilities and exposures (CVEs), invalid certificates, previously unknown shadow IT, credential exposure, non-compliance with security policies, compromised files, instances of malware, TLS/SSL certificate misconfigurations, weak encryption methods, and any other factor that contributes to the company’s risk profile.