4. Analytics and filtering
The Analytics section in CSFaaS offers a rich, visual representation of the current cybersecurity posture and its evolution over time. These analytics enable decision-makers, auditors, and stakeholders to better understand where the organisation stands in terms of maturity and control implementation, and where improvements are required.
Policies – Maturity Levels Overview
This section provides a comprehensive visual representation of policy maturity levels across the organisation. It supports both current and target maturity views and uses standardised levels ranging from 0 (None) to 5 (Optimised). These levels are consistently applied across all analytics formats for alignment and comparability.
Visualisations Included:
Donut Charts (%):
Quickly highlight the proportion of maturity levels across:
- Policies domains
- Policies Categories
- Policies Subcategories
Each donut graph uses the maturity scale from 0 to 5, offering a high-level overview of how maturity is distributed across structural layers.
Sankey Diagram:
Visualises the flow between maturity functions (e.g. Detect, Protect, Respond) and their associated policies.
- Maturity levels (0–5) are colour-coded and traced throughout the diagram.
- Helps identify which functional areas are well-developed and which require attention.
- Useful for visualising policy distribution and any uncategorised items.
Heat Map:
(If implemented or planned) Provides a matrix-based view of maturity levels across domains, business units, or categories.
- Uses the same 0–5 maturity scale.
- Ideal for pinpointing concentrated weaknesses or strengths.
These tools offer an immediate and actionable understanding of cybersecurity policy maturity across the environment, supporting strategic improvement planning, compliance tracking, and resource prioritisation.
Controls Progression Overview
This section provides a detailed, visual breakdown of control implementation and maturity tracking across multiple dimensions. It offers a dual-layered approach:
- Global overview via donut charts, enabling quick insight into control distribution and progress.
- Detailed view through linear progression graphs, enabling in-depth analysis of individual control implementation status.
Visualisations Included:
Donut Charts
Each donut chart provides an aggregated view based on control metadata and progress bands (e.g. Red = 0–30%, Orange = 30–70%, Green = 70–100%). These include:
- Periodicity: Control review or implementation frequency.
- Weighting: Importance or impact level of controls.
- Current Maturity Level: Current effectiveness and implementation state.
- Target Maturity Level: Desired control maturity.
- Control Owner: Distribution of ownership responsibilities across the organisation.
- Control Types: Preventive, Detective, Corrective, etc.
- Control Functions: NIST-like functional alignment (Identify, Protect, Detect, etc.).
- Privacy Control Functions: Controls tied specifically to privacy requirements.
- Business Units: Control distribution by department or operational unit.
- Functional Domains: Mapping of controls to relevant business or technical domains.
Linear Progression Graphs
Below the global overview, each control is represented with a linear bar indicating its implementation progress, ranging from 0% to 100%. These visual bars reflect:
- Actual implementation effort completed.
- Quick visual identification of controls in early stages versus those fully implemented.
- Organised view by Policy > Category > Subcategory > Control for full traceability.