GRC on Sinetris's viewpoints

Risk Owner

2025-12-07T23:58:31+00:00

2025-12-07T23:58:31+00:002025-12-07T23:58:31Zhttps://sinetris.info/glossary/risk-owner/#atom

Person directly responsible for identifying, assessing, monitoring, reporting, responding to, and defining intervention strategies in relation to risks associated with an IT asset.

Information Technology Asset

2025-12-07T23:19:32+00:00

2025-12-07T23:19:32+00:002025-12-07T23:19:32Zhttps://sinetris.info/glossary/information-technology-asset/#atom

Hardware and software (e.g., applications, systems, virtual resources, data) that an organization uses to support its business objectives.

Access Recertification Campaigns

2025-12-01T10:25:02+00:00

2025-12-01T10:25:02+00:002025-12-01T10:25:02Zhttps://sinetris.info/glossary/access-recertification-campaigns/#atom

Periodic review of user entitlements to enforce the Principle of Least Privilege, ensure orphaned accounts are removed, and reduce internal threats and compliance violations.

Birthright Access

2025-11-29T15:32:02+00:00

2025-11-29T15:32:02+00:002025-11-29T15:32:02Zhttps://sinetris.info/glossary/birthright-access/#atom

Entitlements automatically granted to a user when they join an organization or change roles within it.

Subject Matter Expert

2025-11-24T07:28:53+00:00

2025-11-24T07:28:53+00:002025-11-24T07:28:53Zhttps://sinetris.info/glossary/subject-matter-expert/#atom

A professional with in-depth, specialized knowledge in a particular field, process, or technology who acts as a trusted advisor, guiding teams, validating information, and solving complex problems to ensure accuracy, efficiency, and successful project outcomes.

Asset Administrator

2025-11-24T01:27:13+00:00

2025-11-24T01:27:13+00:002025-11-24T01:27:13Zhttps://sinetris.info/glossary/asset-administrator/#atom

Manages user roles, account assignments, and performs access reviews and audits for an IT asset.

Authentication Assurance Level

2025-11-22T08:02:00+00:00

2025-11-22T08:02:00+00:002025-11-22T08:02:00Zhttps://sinetris.info/glossary/authentication-assurance-level/#atom

NIST standard to assess the degree of confidence and reliability of an authentication process.

Asset Owner

2025-11-22T08:01:09+00:00

2025-11-22T08:01:09+00:002025-11-22T08:01:09Zhttps://sinetris.info/glossary/asset-owner/#atom

Person or group responsible for an IT asset.

Information Technology Asset Management

2025-11-10T14:55:30+00:00

2025-11-10T14:55:30+00:002025-11-10T14:55:30Zhttps://sinetris.info/glossary/information-technology-asset-management/#atom

Systems to manage the lifecycle of IT assets, including tracking, maintaining and disposing of hardware and software.

Segregation of Duties

2025-09-04T12:33:22+00:00

2025-09-04T12:33:22+00:002025-09-04T12:33:22Zhttps://sinetris.info/glossary/segregation-of-duties/#atom

Description

Segregation of Duties (SoD) is a mechanism designed to prevent the risks of errors and fraudulent behavior by dividing the actions required to complete a task among different employees.

Examples

To prevent financial fraud: the person approving an invoice cannot be the same person who issued it.

Reason: they could potentially approve and pay fraudulent invoices to themselves or a fictitious supplier.
To prevent both fraud and errors: the software engineer that approve code changes to critical assets cannot be the same person who submitted the changes.

Reason: they could miss mistakes made by them (prevent errors) or abuse the system to their own advantage (prevent fraud).

Information Assurance

2025-03-17T10:43:09+00:00

2025-03-17T10:43:09+00:002025-03-17T10:43:09Zhttps://sinetris.info/glossary/information-assurance/#atom

Information Assurance (IA) is the practice of assuring information quality and managing risks related to the use, processing, storage, and transmission of information.

The 5 pillars of information assurance includes protection of the Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation of information.

In IT systems, when possible, assets should be tagged/labeled with proper Information Assurance level.

Confidentiality

The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Recovery Point Objective

2023-08-06T10:10:15+00:00

2023-08-06T10:10:15+00:002023-08-06T10:10:15Zhttps://sinetris.info/glossary/recovery-point-objective/#atom

Targeted duration of time between the event of failure and the point where operations resume.

Recovery Time Objective

2023-08-06T10:10:15+00:00

2023-08-06T10:10:15+00:002023-08-06T10:10:15Zhttps://sinetris.info/glossary/recovery-time-objective/#atom

Agreed maximum time, based on risk analysis, between the failure event and the restoration of operations.

Software Bill of Materials

2023-08-06T10:10:15+00:00

2023-08-06T10:10:15+00:002023-08-06T10:10:15Zhttps://sinetris.info/glossary/software-bill-of-materials/#atom

A Software Bill of Materials (SBOM) is a comprehensive inventory of all the components, including dependencies and related installed tools, used in a software.