Methodology

The assessment is designed for leadership clarity: it emphasizes enforceable controls, usable evidence, and accountable ownership.

What the scores represent

The assessment produces an overall Security Reality Index (SRI) plus four section scores: Cloud Reality, Container/K8s Reality, Coverage Truth, and Governance & Ownership.

Each section score is derived from a small set of outcome-oriented questions (e.g., enforcement, review cadence, exception handling). Answers are mapped to a 0–100 scale.

Illusion Index (reporting vs evidence)

Many programs look strong on dashboards but struggle to produce evidence quickly or consistently. The Illusion Index estimates that gap by contrasting “coverage on paper” with evidence-oriented answers. Higher values indicate greater risk of executive surprise.

Confidence

Confidence increases when evidence-related questions are answered. Low confidence is not a failure; it signals that leadership should treat the output as directional and prioritize evidence gathering.
