# Core concepts

### Introduction

CISO Assistant is a cyber security program management platform designed around centralisation, reusability and integration.

It covers multiple areas related to GRC (Governance, Risk and Compliance) and extends to other concepts useful to cybersecurity practitioners.

The platform is open source and available as two editions:

* Community (free, self-hosted, core features, community support)
* Pro (annual subscription, SaaS or On-premises, core & premium features, priority support)

### Overview

### Definitions

<table><thead><tr><th width="229.4375">Concept</th><th>Details</th></tr></thead><tbody>
<tr><td>Domain</td><td>Organisational unit that matches your structure; it enforces isolation and RBAC</td></tr>
<tr><td>Perimeter</td><td>Logical split of the organisational unit to scope a study or assessment</td></tr>
<tr><td></td><td></td></tr>
<tr><td>Reference control</td><td>Template of a control that holds default attributes - doesn't have a lifecycle</td></tr>
<tr><td>Applied control</td><td>Can be a projection of the reference control or independent, and is scoped to a domain. Has a lifecycle and extra attributes.</td></tr>
<tr><td>Policy</td><td>Special type of applied control that is focused on governance guidelines</td></tr>
<tr><td></td><td></td></tr>
<tr><td>Asset</td><td></td></tr>
<tr><td>Primary asset</td><td></td></tr>
<tr><td>Supporting asset</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Audit</td><td>Tracking of the compliance result against the requirements of a given framework</td></tr>
<tr><td>Mapping</td><td></td></tr>
<tr><td>Campaign</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Library</td><td></td></tr>
<tr><td>Framework</td><td></td></tr>
<tr><td>Requirement</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Risk assessment</td><td></td></tr>
<tr><td>Risk scenario</td><td></td></tr>
<tr><td>Threat</td><td></td></tr>
<tr><td>Vulnerability</td><td></td></tr>
<tr><td>Current risk</td><td></td></tr>
<tr><td>Residual risk</td><td></td></tr>
<tr><td>Inherent risk</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>CRQ study</td><td></td></tr>
<tr><td>Quant Risk scenario</td><td></td></tr>
<tr><td>Quant Risk hypothesis</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Task</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Evidence</td><td></td></tr>
<tr><td>Revision</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Entity</td><td></td></tr>
<tr><td>Solution</td><td></td></tr>
<tr><td>Representative</td><td></td></tr>
<tr><td>Entity assessment</td><td></td></tr>
<tr><td>Contract</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Processing</td><td></td></tr>
<tr><td>Right request</td><td></td></tr>
<tr><td>Data breach</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Incident</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Follow-up</td><td></td></tr>
<tr><td>Finding</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Metric definition</td><td></td></tr>
<tr><td>Metric instance</td><td></td></tr>
<tr><td>Metric sample</td><td></td></tr>
<tr><td>Dashboard</td><td></td></tr>
<tr><td>Dashboard widget</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Accreditation</td><td></td></tr>
<tr><td>Generic collection</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Terminology</td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td>EBIOS RM study</td><td></td></tr>
<tr><td>Feared event</td><td></td></tr>
<tr><td>Risk Origin</td><td></td></tr>
<tr><td>Target objective</td><td></td></tr>
<tr><td>Strategic scenario</td><td></td></tr>
<tr><td>Attack path</td><td></td></tr>
<tr><td>Operation scenario</td><td></td></tr>
<tr><td>Operating mode</td><td></td></tr>
<tr><td>Elementary action</td><td></td></tr>
</tbody></table>

