
Glossary

Important terms and resource definitions

Evidence

An item that shows that Security Control(s) are in place. E.g. “Anti-Virus Monitoring Report”

Control

Something that an Organization must do to be secure. E.g. “Anti-Virus is run daily”

Control Framework

A grouping of controls for a certain standardization. E.g. “ACET”

Audit

A point-in-time evaluation of an Organization’s security Controls

Point of Contact

Represents a person involved with an Organization. Points of Contact can be tracked and assigned to various things in the Platform

Metric Type

A configuration for routinely gathering Metric data either internally in the Platform or from External sources. E.g. “Monthly Training Percentage”

Metric

A point-in-time instance of metric data. E.g. “June 2021 training: 80%”

Key Performance Indicator

A Good/Bad evaluation Rule for Metric data. E.g. “Monthly Training must be above 80%”

Observation / Finding

A neutral, unbiased observation of something in an Organization’s security program that may need addressing. Important Observations may be elevated to a ‘Finding’. E.g. “No monthly training is performed”

Recommendation

A suggestion on how to improve an Organization’s security program. Usually in response to an Observation. E.g. “Implement a Monthly Training program”

Action Item

A specific task that an Organization or Point of Contact should perform to improve the security program. Usually in response to a Recommendation. E.g. “Complete June 2021 Training”

Organization

An entity that is using the Platform. E.g. “ACME Credit Union”

Policy

A document that outlines rules and procedures that an Organization must follow. E.g. “Information Security Policy”

Report

A document that provides an analysis of something in the Organization’s security program. E.g. “2021 ACET Audit Report”

Blueprint

A high-level overview of an Organization’s security program

Program Element

A general block of an Organization’s security program. E.g. “Compliance”, “Risk Assessment”

Program Section

A focused part of a Program Element. E.g. “Compliance - Audits”

Meeting

Points of Contact getting together to discuss general or specific things in the security program.

System

An application, process, or physical device that interacts with secure information. E.g. “Email Server”

Risk Assessment

A point-in-time evaluation of an Organization’s information systems

Risk Change

A point-in-time change to an Organization that impacts its Risk Assessment data. E.g. “Asset Size Increase”

Document

A file that is stored in the Platform

Vulnerability

A specific finding from a Security Scan; it may be associated with one or more Targets. E.g. “Windows Server is running a legacy version”

Target

A specific IP address or Host that is involved in a Security Scan. E.g. “Office Guest Computer”

Assessment

A point-in-time Vulnerability Scan across a range of Targets.

Security Appliance

A physical appliance on an internal network that helps facilitate security scans.

Vendor

An entity that an Organization works with that provides services. E.g. “Microsoft”

Vendor Solution

A specific service or product from a Vendor. E.g. “Office 365”

Vendor Review

A point-in-time evaluation of the security of a particular Vendor Solution.

Vendor Control

A security control that Vendor Solutions should have in place, or that should have been audited by an outside party. E.g. “Contract information is kept in a secure location”

Pre-Qualified Certification

A list of security controls that may be automatically evaluated for a Vendor Review if the Vendor Solution already has a current audit or certification. E.g. “Current PCI certification - automatically satisfies 10 controls”

Role

A customized User Access group for Points of Contact with user accounts. Grants or restricts access to individual Modules, Pages, and Data types. E.g. “Intern Role”

System Template

A pre-configured Information System that can be applied to an Organization

Blueprint Template

A pre-configured Security Blueprint that can be applied to an Organization

Control Template

A pre-configured Compliance Control that can be applied to an Organization

Control Framework Template

A pre-configured Compliance Control Framework that can be applied to an Organization

Evidence Template

A pre-configured Compliance Evidence item that can be applied to an Organization

Role Template

A pre-configured user Role that can be applied to an Organization

CISSP Review

A special form of Vendor Review that is done by security personnel who hold a valid CISSP certification.
