CISO Assistant
© intuitem, 2018-2024

Glossary

Concept
Explanation

Domain

A division within your organisation on which you want to enforce isolation of objects and RBAC. Demo and Starter are reserved for internal features.

Perimeter

A way for an organisation to split a domain and link its audits, risk assessments, and other relevant objects to it. A perimeter doesn't enforce RBAC.

Role

A bundle of permissions. Four roles are built-in:

- Domain Manager: can set up and access everything on a domain
- Analyst: can input and read data, but cannot change the settings of a domain
- Reader: can only read the items of a domain
- Approver: can validate workflows on objects for a domain (e.g., Risk Acceptance)

User group

A combination of a role and a domain, to which you can assign your users. User groups are automatically created on your behalf whenever you create a domain.

Reference Control

A template for a control that can be used as a reference and re-instantiated when needed.

Applied Control

The main component of the action plan. The actual action that you have implemented or will implement. It could be technical, process, policy, documentation, etc.

Evidence

A document, screenshot, config sample, etc., that can prove that an applied control has been properly implemented.

Task

The main component of the task management module. It can be a one-time task or a periodic one. It supports assignment.

Catalog objects

Reusable objects of CISO Assistant that are the building blocks of the library (frameworks, threats, matrices, etc.).

Library

A container object that holds one or more catalog objects for CISO Assistant (e.g. framework, matrix, etc.).

Framework

A set of requirements that covers patterns and expectations to comply with a regulation, prepare a certification, or establish a foundation.

Mapping

Based on the OLIR initiative, a mapping allows moving from a framework A to a framework B while reusing the previous assessment.

Entity

Scope of an external review, usually the vendor / third party.

Solution

Product or service provided by the entity.

Entity assessment

The actual review of the entity, which can trigger or be linked to an audit.

Representative

The person who needs to answer the questionnaire and requirements of the entity assessment.

URN

Uniform Resource Name, used as a unique identifier to link to multiple CISO Assistant catalog objects.
