GRC on Sinetris's viewpoints

Risk Owner

Sun, 07 Dec 2025 23:58:31 GMT

Person directly responsible for identifying, assessing, monitoring, reporting, responding to, and defining intervention strategies in relation to risks associated with an IT asset.

Information Technology Asset

Sun, 07 Dec 2025 23:19:32 GMT

Hardware and software (e.g., applications, systems, virtual resources, data) that an organization uses to support its business objectives.

Access Recertification Campaigns

Mon, 01 Dec 2025 10:25:02 GMT

Periodic review of user entitlements to enforce the Principle of Least Privilege, ensure orphaned accounts are removed, and reduce internal threats and compliance violations.

Birthright Access

Sat, 29 Nov 2025 15:32:02 GMT

Entitlements automatically granted to a user when they join an organization or change roles within it.

Subject Matter Expert

Mon, 24 Nov 2025 07:28:53 GMT

A professional with in-depth, specialized knowledge in a particular field, process, or technology who acts as a trusted advisor, guiding teams, validating information, and solving complex problems to ensure accuracy, efficiency, and successful project outcomes.

Asset Administrator

Mon, 24 Nov 2025 01:27:13 GMT

Manages user roles, account assignments, and performs access reviews and audits for an IT asset.

Authentication Assurance Level

Sat, 22 Nov 2025 08:02:00 GMT

NIST standard to assess the degree of confidence and reliability of an authentication process.

Asset Owner

Sat, 22 Nov 2025 08:01:09 GMT

Person or group responsible for an IT asset.

Information Technology Asset Management

Mon, 10 Nov 2025 14:55:30 GMT

Systems to manage the lifecycle of IT assets, including tracking, maintaining and disposing of hardware and software.

Segregation of Duties

Thu, 04 Sep 2025 12:33:22 GMT

Description

Segregation of Duties (SoD) is a mechanism designed to prevent the risks of errors and fraudulent behavior by dividing the actions required to complete a task among different employees.

Examples

To prevent financial fraud: the person approving an invoice cannot be the same person who issued it.

Reason: they could potentially approve and pay fraudulent invoices to themselves or a fictitious supplier.
To prevent both fraud and errors: the software engineer that approve code changes to critical assets cannot be the same person who submitted the changes.

Reason: they could miss mistakes made by them (prevent errors) or abuse the system to their own advantage (prevent fraud).

[Truncated]

Information Assurance

Mon, 17 Mar 2025 10:43:09 GMT

Information Assurance (IA) is the practice of assuring information quality and managing risks related to the use, processing, storage, and transmission of information.

The 5 pillars of information assurance includes protection of the Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation of information.

In IT systems, when possible, assets should be tagged/labeled with proper Information Assurance level.

Confidentiality

The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

[Truncated]

Recovery Point Objective

Sun, 06 Aug 2023 10:10:15 GMT

Targeted duration of time between the event of failure and the point where operations resume.

Recovery Time Objective

Sun, 06 Aug 2023 10:10:15 GMT

Agreed maximum time, based on risk analysis, between the failure event and the restoration of operations.

Software Bill of Materials

Sun, 06 Aug 2023 10:10:15 GMT

A Software Bill of Materials (SBOM) is a comprehensive inventory of all the components, including dependencies and related installed tools, used in a software.