-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
28 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -31,3 +31,5 @@ terraform.tfstate.backup | |
|
|
||
| ## VS code | ||
| .vscode | ||
|
|
||
| example | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| Not just related to compliance framework, but industry terms that come up also. | ||
|
|
||
| | Name | Definition | | ||
| | ---- | ---------- | | ||
| | Attestation | Recorded evidence that a control has been implemented | | ||
| | AttestationProvider | The external piece of software that performs the actual attestation, eg ssh, checkov | | ||
| | Controls | Policies and procedures designed to ensure systems are secure and/or stable and/or resilient. (aka Requirement) | | ||
| | Component | Entity that is the subject of a Control, eg a Virtual Machine instance. A Component's status is made up of collective results of ComponentRequirements pertaining to that Component. | | ||
| | ComponentAttestation | The Attestations carried out on a Component. | | ||
| | ComponentImplementation | An instance of an Implementation for a Component. | | ||
| | ComponentRequirement | An instance of a Control linked to a Component. A ComponentRequirement asks a ComponentImplementation what the results of its ComponentAttestations were. | | ||
| | Detective Control | A control that records that a qualifying event has taken place, usually with a view to following up with a check that the event was valid. | | ||
| | DORA | Digital Operational Resilience Act Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554| | ||
| | FINOS | Fintech Open Source Foundation | | ||
| | GRC | Governance, Risk and Control | | ||
| | Implementation | A specific Implementation of a Control, eg a cronjob that kills any processes that listen on port 22 every minute might implement a Reactive Control.| | ||
| | KRI | Key Risk Indicator: a metric for measuring the probability of an event and its consequences will exceed the organisation's risk appetite | | ||
| | OSCAL | Open Security Controls Assessment Language OSCAL - Open Security Controls Assessment Language | | ||
| | Parent Component | | | ||
| | Preventative Control | A Control that prevents an event from taking place, eg an organisational policy that prevents an S3 bucket being exposed to the internet. | | ||
| | Reactive Control | A Control that takes corrective action when an event takes place, eg shutting down a VM that has attached an unencrypted disk. | | ||
| | Requirement | See Control | | ||
| | RPO | Recovery Point Objective | | ||
| | SMF24 | | | ||
| | Senior Management Function 24 | the person in an organisation held responsible for operational failings. | | ||
| | Variance | | |