Glossary
Domain
A division within your organisation on which you want to enforce an isolation of objects and the RBAC. Demo and Starter are reserved for internal features.
Perimeter
A subdivision of a domain to which an organisation can link its audits, risk assessments, and other relevant objects. A perimeter does not enforce RBAC.
Role
A bundle of permissions. Four roles are built-in:
- Domain Manager: can set up and access everything on a domain
- Analyst: can input and read data, but cannot change the settings of a domain
- Reader: can only read the items of a domain
- Approver: can validate workflows on objects for a domain (e.g., Risk Acceptance)
User group
A combination of a role and a domain to which you can assign your users. User groups are automatically created on your behalf whenever you create a domain.
Reference Control
A template for a control that can be used as a reference and re-instantiated when needed.
Applied Control
The main component of the action plan. The actual action that you have implemented or will implement. It could be technical, process, policy, documentation, etc.
Evidence
A document, screenshot, config sample, etc., that can prove that an applied control has been properly implemented.
Task
The main component of the task management module. A task can be one-time or periodic, and it supports assignment to users.
Catalog objects
Reusable objects of CISO Assistant that are the building blocks of a library (frameworks, threats, matrices, etc.).
Library
A container object that holds one or multiple catalog objects for CISO Assistant (e.g., framework, matrix, etc.).
Framework
A set of requirements that covers patterns and expectations to comply with a regulation, prepare a certification, or establish a foundation.
Mapping
Based on the OLIR initiative; a mapping allows moving from framework A to framework B while reusing the previous assessment.
Entity
Scope of an external review, usually the vendor / third party.
Solution
A product or service provided by the entity.
Entity assessment
The actual review of the entity, which can trigger or be linked to an audit.
Representative
The person who needs to answer the questionnaire and requirements of the entity assessment.
URN
Uniform Resource Name, used as a unique identifier for CISO Assistant catalog objects and to link them to one another.