
Glossary

Each concept below is followed by its explanation.

Domain

A division within your organisation on which you want to enforce isolation of objects and RBAC. The Demo and Starter domains are reserved for internal features.

Perimeter

A subdivision of a domain to which an organisation can link its audits, risk assessments, and other relevant objects. A perimeter does not enforce RBAC.

Role

A bundle of permissions. Four roles are built-in:

- Domain Manager: can set up and access everything on a domain
- Analyst: can input and read data, but cannot change the settings of a domain
- Reader: can only read the items of a domain
- Approver: can validate workflows on objects for a domain (e.g. Risk Acceptance)

User group

A combination of a role and a domain, to which you can assign your users. User groups are automatically created on your behalf whenever you create a domain.

Reference Control

A template for a control that can be used as a reference and instantiated again whenever needed.

Applied Control

The main component of the action plan: the actual action that you have implemented or will implement. It can be technical, a process, a policy, documentation, etc.

Evidence

A document, screenshot, configuration sample, etc., that proves an applied control has been properly implemented.

Task

The main component of the task management module. A task can be a one-time or a periodic one, and it supports assignment.

Catalog objects

Reusable objects of CISO Assistant that are the building blocks of a library (frameworks, threats, matrices, etc.).

Library

A container object that holds one or more catalog objects for CISO Assistant (e.g. a framework, a matrix, etc.).

Framework

A set of requirements that covers patterns and expectations to comply with a regulation, prepare a certification, or establish a foundation.

Mapping

Based on the OLIR initiative; it allows moving from a framework A to a framework B while reusing the previous assessment.

Entity

The scope of an external review, usually the vendor or third party.

Solution

A product or service provided by the entity.

Entity assessment

The actual review of the entity, which can trigger or be linked to an audit.

Representative

The person who needs to answer the questionnaire and requirements of the entity assessment.

URN

Uniform Resource Name, used as a unique identifier to link CISO Assistant catalog objects together.