CISO Assistant
  • 👋Welcome to CISO Assistant
  • Guide
    • Installation
    • Understanding decoupling
    • General tips
    • Journeys
    • 🏗️Creating your first perimeter
    • ✅Creating your first Audit
    • 📊Creating your first risk assessment
    • 🔎Overview
    • 🧰Extra tools
    • 🌐External resources
    • Understand mapping
    • Glossary
    • Data import wizard
  • Features highlight
    • Controls autosuggestion
    • Multi-level support
    • Flash mode
    • Evidences from clipboard
    • Library upgrade
    • Mapping explorer
    • SSO
      • Microsoft Entra ID
      • Okta
      • Keycloak
      • Google Workplace
    • Setting up Multi-Factor Authentication (MFA)
  • Model
    • 📁Organization
      • Add and manage users
      • User Groups
    • ⚙️Context
    • 🏛️Governance
    • 💣Risk
    • 📋Compliance
  • Deployment
    • Prerequisites
    • Local
    • Remote/Virtualization
    • Deploy on a VPS
    • Frequent questions
    • Setting up mailer
    • Updating your local instance
    • Helm Chart
    • Special cases
    • Upgrading a library
  • ✨Customization
    • Getting your custom framework
    • CIS Controls
    • Changing the language
  • Contributing
    • Internationalization
      • Translating the interface
    • Submit a library
  • Academy
    • Overview
    • Third Parties Risk Management
    • Etude EBIOS RM
Powered by GitBook

Community

  • Github
  • Discord

intuitem

  • Home
  • SaaS trial

© intuitem, 2018-2024

On this page
  • Threat
  • Reference control
  • Applied control
  • Asset

Was this helpful?

Export as PDF
  1. Model

Context

This is the place to define the context for risk and compliance management. All items here are optional.

Threat

A threat is the potential cause of an incident that may result in a breach of information security or compromise business operations (ISO 27000). Threats are used to clarify the aim of a requirement or an applied control. They are informative, assessments can be realized without using them. Threats can be imported from a library, but you can create your own threats in the global domain or in a specific domain.

Reference control

Reference controls are templates for applied controls. They facilitate the creation of an applied control, and help to have consistent applied controls. They are optional, but recommended. Reference controls can be provided by security frameworks that are imported from a library, but you can create your own reference controls in the global domain or in a specific domain.

Applied control

Applied controls are fundamental objects for compliance and remediation. They can derive from a reference control, which provides better consistency, or be independent. Applied controls are always defined by the entity and can be attached to the global domain or in a specific domain.

Asset

An asset refers to any piece of information that holds value to an organization. These assets can be digital or physical and encompass a wide range of data types, including customer records, financial information, intellectual property, employee records, proprietary software, marketing materials, and more. Assets are always defined by the entity and can be attached to the global domain or in a specific domain. There are two types of assets:

  • Primary assets are core resources directly contributing to an organization's main objectives, like machinery or intellectual property.

  • Support assets indirectly aid primary functions, such as IT systems or administrative services.

PreviousUser GroupsNextGovernance

Last updated 4 months ago

Was this helpful?

⚙️