DRAFT: Glossary of Terms

Term

Definition / Usage

Acknowledgment

Process of signing off a survey or part of a survey.

App

An object stored in app inventory and belonging to exactly one org unit. Apps usually refer to software applications or some combination of hardware and software; an app may consist of multiple products working together as a system, or may be an internally developed product. Can be assessed as an individual target.

Assessment

Process of asking questions about a specific target or set of targets. An assessment exists within a series, consists of one or more surveys, and may include data enrichment (host categorization) as part of the survey(s).

Assessment Series

Organizational bucket containing assessments with the same target type, usually done for the same purpose and often on the same target(s) repeatedly.

Asset Enrichment

The part of a survey where attributes about a certain target are gathered. Currently there are two supported types of data enrichment: 1) host categorization as part of an organizational survey, where host assets are classified based on the type of data they contain; and 2) app classification as part of an app survey. Gathering the attributes has two effects: 1) the answer becomes part of the survey results; and 2) the attributes on the underlying object are updated to reflect any changes made.

Deployment- App

An association between an app in inventory and a host also in inventory.

Deployment- Vendor Product

An association between a vendor product in inventory and an org unit; has data classification associated with it.

Host

An object stored in host inventory on a sheet which is owned by exactly one org unit; typically these are IP-based networked assets. They are classified based on the type of data they contain and can be assessed via “data enrichment” within a host categorization part of an organizational survey.

Host Categorization

The part of an organizational survey where host assets are classified based on the type of data they contain.

Inventory

Objects managed within Isora GRC. There are three distinct types: Hosts, Apps and Vendor Products.

Location

A location is an object representing a specific physical place where a host asset may reside. Locations must be fully qualified, consisting of a site, building, floor and room. Only superusers can create and edit locations.

Organizational Unit (Org Unit; OU)

Basic entity of ownership or designation. Org units usually represent groups of people or departments, but an org unit could represent anything you care about assessing. Roles (permissions) are on a per-OU basis.

Role

A method for assigning capabilities or permissions pertaining to a particular OU.

Survey

The most basic part of an assessment; a list of questions targeting one specific object.

Target

The entity being assessed / questioned by a survey.

Unit Questions

The part of an organizational survey with questions targeting the org unit itself.

Vendor Product

A type of inventory used to represent 3rd-party products. Unlike other inventory types, no one specifically “owns” vendor products.