# Core concepts ### Introduction CISO Assistant is a cyber security program management platform designed around centralisation, reusability and integration. It covers multiple areas related to GRC (Governance, Risk and Compliance) but extends that to other concepts usefull to cybersecurity practitioners. The platform is open source and available as two editions: * Community (free, self-hosted, core features, community support) * Pro (annual subscription, SaaS or On-premises, core & premium features, priority support) ### Overview ### Definitions

Concept	Details
Domain	Organisational Unit to match your structure, and it will enforce isolation and RBAC
Perimeter	Logical split of the organisation unit to scope a study or assessemnt

Reference control	Template of a control that holds default attributes - doesn't have a lifecycle
Applied control	Can be a projection of the reference control or independent, and is scoped to a domain. Has a lifecycle and extra attributes.
policy	Special type of applied control that is focused on governance guidelines

Asset
Primary asset
Supporting asset

Audit	Tracking of the compliance result against the requirements of a given framework
Mapping
Campaign

Library
Framework
Requirement

Risk assessment
Risk scenario
Threat
Vulnerability
Current risk
Residual risk
Inherent risk

CRQ study
Quant Risk scenario
Quant Risk hypothesis

Task

Evidence
Revision

Entity
Solution
Representative
Entity assessment
Contract

Processing
Right request
Data breach

Incident

Follow-up
Finding

Metric definition
Metric instance
Metric sample
Dashboard
Dashboard widget

Accreditation
Generic collection

Terminology

EBIOS RM study
Feared event
Risk Origin
Target objective
Strategic sceanrio
Attack path
Operation scenario
Operating mode
Elementary action