Composite Posture
Composite Posture is a single 0–100 score that summarizes an organization's overall cybersecurity posture. It's computed as a weighted average of six subscores aligned with NIST CSF 2.0: Detection (0.20), Response (0.18), Prevention (0.18), Identity (0.16), Recovery (0.14), and Awareness (0.14). In CISO Game, the win condition at Year 5 requires Composite Posture ≥ 60.
Where this term fits in a CISO program
Composite Posture is one of 35 cybersecurity strategy concepts CISO Game models live. Composite Posture appears throughout the simulation — in the risk register, the investment catalog, and the mechanics reference — so a player encounters the concept in context rather than as an isolated definition.
See it in play
The fastest way to internalize Composite Posture is to watch it move during a 5-year program. Start a free CISO Game run to see how this concept interacts with budget, hiring, and incident response across 20 quarters of strategic play.
Related glossary terms
- Board ConfidenceA 0–100 metric tracking how the board of directors feels about your security pro…
- Business FrictionA 0–100 metric measuring how much your security controls slow the business down.…
- Continuous Control Monitoring (CCM)Tooling that automatically and continuously verifies security controls are in pl…
- Cumulative OverspendThe running total of every dollar spent above the annual budget across all years…
← Business Friction · All terms · Continuous Control Monitoring (CCM) →