Reporting tools and dashboards allow you to have visibility into your overall security posture, which in turn allows you to understand the information security risk associated with an information system. Many of the tools that you implement as part of your information security program support this requirement and can be used in conjunction with an enterprise reporting tool, or can be used to feed an overall enterprise tool.

Governance risk and compliance: Tools that allow the information security program to:

• Distribute the information security policy to project teams
• Maintain mapping of the organizational information security policy against applicable compliance standards
• Test information system implementation of controls against the organizational information security policy
• Perform risk assessment and schedule mitigations
• Provide reporting of the organization's information security risk posture