Information Security on Sinetris's viewpoints

Risk Owner

Sun, 07 Dec 2025 23:58:31 GMT

Person directly responsible for identifying, assessing, monitoring, reporting, responding to, and defining intervention strategies in relation to risks associated with an IT asset.

Information Technology Asset

Sun, 07 Dec 2025 23:19:32 GMT

Hardware and software (e.g., applications, systems, virtual resources, data) that an organization uses to support its business objectives.

Responsive Controls

Sun, 07 Dec 2025 21:35:56 GMT

Measures designed to respond to and rectify security violations or incidents after they have been identified.

Detective Controls

Sun, 07 Dec 2025 21:23:57 GMT

Measures designed to identify, record, and report a security incident after it has occurred.

Entitlements

Mon, 01 Dec 2025 11:17:25 GMT

The access rights an account has on an asset.

Access Recertification Campaigns

Mon, 01 Dec 2025 10:25:02 GMT

Periodic review of user entitlements to enforce the Principle of Least Privilege, ensure orphaned accounts are removed, and reduce internal threats and compliance violations.

Access Request

Mon, 01 Dec 2025 10:22:15 GMT

A user-initiated process to gain permission to access an IT asset within an organization’s infrastructure.

Birthright Access

Sat, 29 Nov 2025 15:32:02 GMT

Entitlements automatically granted to a user when they join an organization or change roles within it.

Orphaned Account

Sat, 29 Nov 2025 15:24:33 GMT

Account that retains access to an asset without an active owner.

Data Breach

Thu, 27 Nov 2025 22:08:23 GMT

Incident involving copying, transmitting, viewing, or processing sensitive, protected, or confidential information by unauthorized individuals or for unauthorized purposes.

Data Anonymization

Mon, 24 Nov 2025 14:47:49 GMT

The process of removing Personally Identifiable Information from a dataset in an irreversible and permanent manner. This can serve as a mechanism of privacy protection. In the context of data governance, anonymized data is no longer considered Personally Identifiable Information according to the current regulatory interpretation.

Proactive Controls

Mon, 24 Nov 2025 12:56:03 GMT

Proactive Controls are a strategy designed to prevent attacks and identify vulnerabilities before they are exploited, focusing on prediction and prevention rather than simply reacting, anticipating potential problems or targets and taking action to prepare in advance, rather than waiting for them to occur.

Preventative Controls

Mon, 24 Nov 2025 11:42:20 GMT

Designed to prevent an event or an unauthorized action from occurring.

Security Controls

Mon, 24 Nov 2025 11:36:55 GMT

Safeguards and countermeasures that help protect an organization’s assets, systems, and data from potential risks and threats.

Subject Matter Expert

Mon, 24 Nov 2025 07:28:53 GMT

A professional with in-depth, specialized knowledge in a particular field, process, or technology who acts as a trusted advisor, guiding teams, validating information, and solving complex problems to ensure accuracy, efficiency, and successful project outcomes.

Asset Administrator

Mon, 24 Nov 2025 01:27:13 GMT

Manages user roles, account assignments, and performs access reviews and audits for an IT asset.

Authentication Assurance Level

Sat, 22 Nov 2025 08:02:00 GMT

NIST standard to assess the degree of confidence and reliability of an authentication process.

Asset Owner

Sat, 22 Nov 2025 08:01:09 GMT

Person or group responsible for an IT asset.

Account Lockout

Sat, 22 Nov 2025 08:00:36 GMT

A security feature typically used to prevent a Brute-Force Attack by temporarily disabling a user account after a set number of failed login attempts.

Web Authentication

Mon, 10 Nov 2025 15:34:37 GMT

Specification that defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

Client-to-Authenticator Protocols

Mon, 10 Nov 2025 15:29:40 GMT

Protocol developed by the FIDO Alliance and complementary to the W3C's WebAuthn specification that allows a client (for example, an operating system, browser, or application) to communicate with a device designed to authenticate the user.

FIDO Specifications

Mon, 10 Nov 2025 15:10:26 GMT

A set of open standards published by the FIDO Alliance for stronger, simpler, and phishing-resistant user authentication.

Information Technology Asset Management

Mon, 10 Nov 2025 14:55:30 GMT

Systems to manage the lifecycle of IT assets, including tracking, maintaining and disposing of hardware and software.

Desired State

Mon, 10 Nov 2025 13:47:45 GMT

The planned state of a system, usually defined as data or code in a SSOT.

Account Takeover

Wed, 25 Jun 2025 11:55:55 GMT

Gaining unauthorized access to a user account.

Information Assurance

Mon, 17 Mar 2025 10:43:09 GMT

Information Assurance (IA) is the practice of assuring information quality and managing risks related to the use, processing, storage, and transmission of information.

The 5 pillars of information assurance includes protection of the Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation of information.

In IT systems, when possible, assets should be tagged/labeled with proper Information Assurance level.

Confidentiality

The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

[Truncated]

Principle of Least Privilege

Sun, 06 Aug 2023 10:10:15 GMT

Security concept whereby a user or service is granted the minimum levels of access and authorization necessary to perform the requested task.