Risk Insights within the CCMM framework are Level 3 correlation indicators that provide early warnings and actionable intelligence by combining operational performance, control of health and risk signals. The model is built on three levels: KPIs measure process performance, KCIs assess control effectiveness and KRIs deliver strategic risk views. Together, these insights translate complex data into scenario‑based intelligence, enabling leaders to identify emerging risks and take proactive action before issues materialize.

Users can access the Risk Insights Dashboard from Kyndryl Bridge by following these steps:

Go to
Kyndryl Bridge Platform

Navigate the hamburger menu and select
Continuous
Controls Monitoring and Management

Click
Risk Insights

The Configuration Drift Risk Index (CDRI) dashboard highlights critical configuration risks and recommends immediate escalation actions to reduce potential impact. The following three sections are displayed on this dashboard:

The following

Key Risk Indicators

are displayed to users:

Total Risk Score:
Risk scores show the percentage level of risk detected.

CHI (Compliance Health Index):
It is calculated as the average of the organization’s Compliance Posture and Depth View scores.

NCR (Non-Compliance Risk):
Measures the proportion of assets that do not meet defined compliance requirements.

SCE (Scan Coverage Effectiveness):
Measures how thoroughly security scans cover the organization’s identified assets.

The

Weighting Considered

graph illustrates how each key indicator is weighted to calculate the overall risk score.

The

Level 1 Indicators

table on the right side of the graph enables users to analyze the following:

Indicator Name:
Identifies the specific metric used to track compliance, risk, or asset coverage within the environment. The following categories are available:
Overall Compliance Posture
Non-Compliant Asset Count
Compliance Depth View
Scan Coverage Adherence
Total Managed Assets

Value:
Represents the quantitative measurement associated with the indicator, expressed as a percentage or numeric count.

Compliance Posture:
Indicates the classification used to group the indicator value into predefined compliance categories for improved visibility and prioritization.

The Internet‑Facing Exposure Risk Index (IFERI) dashboard indicates a high‑risk condition, requiring remediation within 30 days to reduce exposure. The following three sections are displayed on this dashboard:

The following

Key Risk Indicators

are displayed to users:

Total Risk Score:
Risk scores are categorized into four severity levels to guide prioritization and response actions.

ICI (Internet-Facing Compliance Index):
Compliance level of internet exposed assets.

IFVR (Internet-Facing Vulnerability Risk):
Risk from vulnerabilities on internet exposed assets.

IFPG (Internet-Facing Patch Gap):
Missing security patches on internet exposed assets.

The

Weighting Considered

graph illustrates how each key indicator is weighted to calculate the overall risk score.

The

Level 1 Indicators

table on the right side of the graph summarizes the organization’s overall compliance status and enables users to analyze the following:

Indicator Name:
Identifies the specific metric used to track compliance, risk, or asset coverage within the environment. The following categories are available:
Internet Facing Assets
Internet Facing Non-Compliant Assets
Internet Facing Vulnerable Assets
Internet Facing Unpatched Critical Assets
Total Internet Facing Compliant Assets

Value:
Represents the quantitative measurement associated with the indicator, expressed as a percentage or numeric count.

Compliance Posture:
Indicates the classification used to group the indicator value into predefined compliance categories for improved visibility and prioritization.

The Vulnerability Exposure Index (VEI) dashboard indicates a low‑risk condition. Ongoing monitoring is recommended on a quarterly basis. The following three sections are displayed on this dashboard:

The following

Key Risk Indicators

are displayed to users:

Total Risk Score:
Risk scores are categorized into four severity levels to guide prioritization and response actions.

VSI (Vulnerability Severity Index):
Overall severity of identified vulnerabilities

KEVR (Known Exploited Vulnerability Risk):
Risk from vulnerabilities that are actively exploited.

SCG (Scan Coverage Gap):
Difference between expected and actual scan coverage.

RLI (Remediation Lag Index):
Time delay between detection and remediation.

The

Weighting Considered

graph illustrates how each key indicator is weighted to calculate the overall risk score.

The

Level 1 Indicators

table on the right side of the graph summarizes the organization’s overall compliance status and enables users to analyze the following:

Indicator Name:
Identifies the specific metric used to track compliance, risk, or asset coverage within the environment. The following categories are available:
KEVs
Vulnerabilities Per Scan
Oldest Critical
Unscanned Assets
Critical

Value:
Represents the quantitative measurement associated with the indicator, expressed as a percentage or numeric count.

Compliance Posture:
Indicates the classification used to group the indicator value into predefined compliance categories for improved visibility and prioritization.

The Patch Management Effectiveness Index (PMEI) dashboard indicates a medium‑risk condition, with remediation recommended within 60 days. The following three sections are displayed on this dashboard:

The following

Key Risk Indicators

are displayed to users:

Total Risk Score:
Risk scores are categorized into four severity levels to guide prioritization and response actions

PSCI (Patch SLA Compliance Index):
Measures how consistently patches are applied within defined SLA timelines.

CPBR (Critical Patch Backlog Risk):
Indicates the volume of critical patches that remain unapplied over time.

PLDL (Patch Deployment Lag):
Measures the average delay between patch release and deployment.

PSE (Patch Sucess Effectiveness):
Indicates how successfully patches are deployed without errors or rollbacks.

The

Weighting Considered

graph illustrates how each key indicator is weighted to calculate the overall risk score.

The

Level 1 Indicators

table on the right side of the graph summarizes the organization’s overall compliance status and enables users to analyze the following:

Indicator Name:
Identifies the specific metric used to track compliance, risk, or asset coverage within the environment. The following categories are available:
Average Time to Patch ( MTTP)
Patch Backlog - Low
Patch Backlog - Medium
Patch Backlog - High
Patch Backlog - Critical

Value:
Represents the quantitative measurement associated with the indicator, expressed as a percentage or numeric count.

Compliance Posture:
Indicates the classification used to group the indicator value into predefined compliance categories for visibility and prioritization.

The Asset Lifecycle Risk Score (ALRS) dashboard indicates a critical risk condition, requiring immediate escalation to mitigate potential impact. The following three sections are displayed on this dashboard:

The following

Key Risk Indicators

are displayed to users:

Total Risk Score:
Risk scores are categorized into four severity levels to guide prioritization and response actions

EAP (EOL/EOS Asset Prevalence):
Indicates the proportion of assets that have reached end‑of‑life (EOL) or end‑of‑support (EOS).

BCER (Business-Critical EOL Risk):
Measures the risk posed by EOL or EOS assets that support business‑critical services.

IFEE (Internet-Facing EOL Exposure):
Indicates the exposure risk of internet‑facing assets that are at EOL or EOS.

RUI (Remediation Urgency Index):
Reflects how urgent remediation actions are required based on risk severity and exposure.

The Weighting Considered graph illustrates how each key indicator is weighted to calculate the overall risk score.

Summarizes the organization’s overall compliance status. Level indicators offer comprehensive information regarding:

Indicator Name:
Identifies the specific metric used to track compliance, risk, or asset coverage within the environment. The following categories are available:
Total EOL/EOS Assets
Software EOL Percentage
Hardware EOL Count
Hardware EOS Count
Average Age of EOL Assets

Value:
Represents the quantitative measurement associated with the indicator, expressed as a percentage or numeric count.

Compliance Posture:
Indicates the classification used to group the indicator value into predefined compliance categories for improved visibility and prioritization.