Arsenal Media Co — Security Operations Platform

Overall Score

MODERATE

▲ +4 pts from last month

Open Findings

ACTION

Across all domains

■ 4 Critical ■ 11 High ■ 8 Med

SaaS Apps

MONITORED

128

Active applications

12 unlicensed · 7 orphaned

Compliance

IN PROGRESS

68%

NIST CSF coverage

SOC 2: 54% · ISO: 41%

Risk by Domain

Identity & Access

Endpoint Security

SaaS Governance

Vendor Risk

Network & Cloud

Data Protection

Recent Activity

7 DAYS

TODAY · 09:12

Critical: 4 admin accounts without MFA in Workspace

APR 27 · 14:33

Vendor: CoreSync DPA renewal due in 18 days

APR 26 · 11:05

Resolved: Phishing IR closed via Shield IR

APR 25 · 08:44

SaaS: 12 apps without SSO flagged

APR 24 · 16:20

Compliance: NIST CSF updated — 68% coverage

Endpoint Coverage

Protected

847

Unmanaged

MFA Adoption

MFA Active

638

No MFA

262

Vendor DPAs

Executed

Missing

Total Apps

TRACKED

128

Active applications

▲ +7 from last quarter

Annual Spend

REVIEW

$284K

Annualized license cost

▼ $32K savings identified

SSO Coverage

PARTIAL

74%

Apps with SSO enabled

12 apps without SSO

Renewals Due

90 DAYS

Contracts expiring

3 this month · 5 next

Spend by Category

Productivity

$82K

Security Tools

$68K

Development

$51K

HR & Finance

$40K

Marketing

$28K

Other

$15K

Upcoming Renewals

App	Date	Cost	Status
CoreSync	May 12	$14K	DPA Due
Klaviyo	May 18	$8.4K	Review
Okta	Jun 1	$31K	Ready
CrowdStrike	Jun 8	$47K	Gap Open
Clearwatch MDR	Jun 15	$28K	Ready
Jamf Pro	Jun 22	$12K	Ready

Apps Without SSO

12 FLAGGED

App	Category	Users	Risk
Canva	Design	42	High
Trello	PM	28	High
Loom	Video	19	Med
Figma	Design	15	Med
Calendly	Scheduling	12	Med
Typeform	Forms	8	Low

License Waste

$32K

Unused seats >90d

$14K

Duplicate tools

$9.6K

Downgrade options

$6.8K

Shadow IT

$3.6K

NIST CSF

IN PROGRESS

Identify82%

Protect71%

Detect65%

Respond60%

Recover48%

SOC 2 Type II

GAP PHASE

Security (CC)63%

Availability (A)70%

Confidentiality (C)44%

Processing Int.39%

Privacy (P)48%

ISO 27001

EARLY STAGE

A.5 Policies60%

A.6 Org Controls45%

A.8 Asset Mgmt55%

A.9 Access Control62%

A.12 Operations28%

Open Compliance Gaps

18 ITEMS

Control	Framework	Description	Owner	Priority
CC6.1	SOC 2	Logical access provisioning not documented	IT Security	Critical
ID.AM-2	NIST CSF	Software asset inventory incomplete	IT Ops	Critical
A.12.4	ISO 27001	Event logging not centralized	IT Security	High
RS.CO-2	NIST CSF	Incident reporting criteria not defined	Legal	High
CC9.2	SOC 2	Vendor risk assessment undocumented	Procurement	Medium
RC.RP-1	NIST CSF	Recovery plan not tested in 12 months	IT Ops	Medium

Vendors Tracked

Active relationships

DPA Coverage

PARTIAL

60%

18 executed · 12 missing

High Risk

REVIEW

Vendors requiring action

Assessments Due

Annual reviews overdue

Vendor Risk Register

Vendor	Category	Risk	DPA	Last Review	Finding
CoreSync	Platform/API	High · 68	Renew	Mar 2026	API platform migration; EDR coverage gap
Klaviyo	Email/Marketing	Med · 54	Review	Feb 2026	MSA clause 7.3 under legal review
CrowdStrike	EDR/Security	Low · 22	Done	Jan 2026	Coverage gap on contractor fleet (53 devices)
Clearwatch MDR	MDR/SIEM	Low · 18	Done	Jan 2026	Clean assessment
Okta	IAM/SSO	Low · 20	Done	Dec 2025	Clean assessment
AWS	Cloud Infra	Med · 41	Done	Nov 2025	IAM least-privilege gaps in 3 accounts
Shield IR	Phishing IR	Low · 24	Draft	Apr 2026	DPA in draft; IR contract active

Risk Distribution

Low Risk (0–30)

Medium (31–59)

High (60–79)

Critical (80+)

DPA Status

EXECUTED

18 vendors — DPAs signed and on file

IN REVIEW

5 vendors — Legal review in progress

MISSING

7 vendors — No DPA on file; outreach required

Total Identities

900

Users + contractors

638 employees · 262 contractors

MFA Coverage

RISK

71%

639 enrolled / 261 without

▼ 4 admins without MFA

Orphaned Accounts

ACTION

Inactive >90 days

12 with active app access

Privileged Accounts

Admin / elevated roles

6 without PAM controls

MFA by Department

Security / IT

98%

Engineering

95%

Finance

88%

Production/Media

72%

Executive

63%

Contractors

41%

Critical Findings

5 OPEN

CRITICAL · ADMIN ACCESS

4 admin accounts in Workspace without MFA — immediate remediation required

HIGH · ORPHANED

12 former contractor accounts retain active SaaS access post-offboarding

MEDIUM · PRIVILEGE

6 privileged accounts without PAM logging — admin actions unaudited

MEDIUM · ACCESS REVIEW

Quarterly access review overdue — 34 accounts flagged

SSO by App Category

Security Tools

100%

Productivity

88%

Development

82%

HR & Finance

75%

Marketing

48%

Design / Creative

38%

Privileged Access

Role	Count	MFA	PAM
Global Admin	6	4/6	2/6
Cloud Root	4	4/4	3/4
Domain Admin	3	3/3	3/3
Security Admin	5	5/5	5/5
Finance Admin	4	3/4	1/4
App Admins	6	3/6	0/6

Open Incidents

ACTIVE

In active investigation

0 critical · 2 medium

Alerts (30d)

847

Total alerts generated

94% auto-closed · 6% reviewed

Phishing (30d)

Attempts detected

1 escalated · all contained

MTTD / MTTR

HEALTHY

4.2h

MTTD

18h

MTTR

Alert Volume by Source

CrowdStrike EDR

412

Clearwatch MDR

268

Google Workspace

124

Meraki Network

Shield IR

Alert Triage

Auto-closed

796

Reviewed

Escalated

Incident Log — Last 30 Days

ID	Date	Type	Severity	Status	Summary
INC-041	Apr 28	IAM	Medium	Open	Admin login from unrecognized IP
INC-040	Apr 26	Phishing	Medium	Closed	Credential harvest attempt — contained by Shield IR
INC-039	Apr 22	Endpoint	High	Closed	Suspicious process on contractor device — quarantined
INC-038	Apr 19	SaaS	Medium	Closed	Unauthorized OAuth app — Workspace access revoked
INC-037	Apr 14	Network	Medium	Open	Anomalous outbound traffic — investigation ongoing
INC-036	Apr 9	Phishing	Low	Closed	BEC simulation — user reported correctly