Skip to main content
Skip table of contents



Welcome to the RiskStudio Help Center Glossary. This glossary is designed to provide clear, concise definitions for key terms used throughout the RiskStudio application. Understanding these terms will help you navigate and utilize RiskStudio more effectively.


  • Attack Surface: The total sum of all potential security vulnerabilities in a software environment or system. It represents the aggregate of all points where an unauthorized user could try to enter data to or extract data from an environment.


  • Benchmarking: The practice of comparing business processes and performance metrics to industry bests and best practices from other companies.


  • Companies: Within RiskStudio, this refers to all companies within the Cyber Chain, including suppliers and partners, involved with the organization.

  • Control: A mechanism within RiskStudio for managing and monitoring risk to ensure the effectiveness of risk management strategies and activities. This includes continuously assessing cyber risk, monitoring the effectiveness of security measures, adjusting risk management processes as needed, and complying with relevant laws, regulations, and internal policies.

  • Control Question: A specific question designed to assess the effectiveness of a control in mitigating associated risks. It aids in determining whether a control is operating as intended.

  • Cyber Chain: The network of interconnected companies, including suppliers and partners, each with their role in the cybersecurity ecosystem of an organization.

  • Company Index: A business index is a collection of business data organized and indexed for easy access and analysis. This index provides a structured view of company information, including details such as company name, industry, location and other relevant data. It allows users to quickly find companies, view their profiles and perform related analysis within a specific business ecosystem.


  • Dashboard: A user interface that provides a graphical representation of an organization's real-time security and risk data.


  • Event Analyzer: A log of all security-related events and incidents, providing users with a chronological record for analysis.

  • Elements: In RiskStudio, functions like risks, entities, companies, participants, etc. consume elements. Your subscription type determines the cost per element, which you can change as needed. Synonyms for elements are unites or credits.


  • Functional Group: A collection of individuals or entities grouped based on their function within the organization, often with a shared set of risks and controls.


  • Operational Entities: The various units, processes, and systems within an organization that are involved in the day-to-day operations.


  • Participants: All stakeholders involved in an organization's cybersecurity landscape, which may include internal employees and external partners.


  • Risk Board: An interactive dashboard for monitoring and managing risks, allowing users to see the big picture and details of their cybersecurity posture.

  • Risks: Potential threats or vulnerabilities that could negatively impact the organization, including templates and controls for risk mitigation.

  • Reference: A citation or mention of a source of information, often used in the context of supporting data for risks, controls, and compliance requirements.

  • Risk Control: Actions or mechanisms put in place to reduce the likelihood or impact of a risk. These can be preventive, detective, or corrective in nature.

  • Risk Scope: The boundaries within which a risk assessment is conducted, often defining the extent of the business areas, systems, or processes to be evaluated.

  • Risk Template: A predefined framework used to identify and describe a risk, including its potential impacts, likelihood, and the controls needed to mitigate it. Templates streamline the risk assessment process and ensure consistency.


  • Subscription & Billing: Refers to the account management features related to the subscription model of RiskStudio and the associated billing information and processes.

  • Severity: A measure of the potential impact a risk could have on an organization, categorized into levels such as low, medium, high, based on criteria like financial loss, reputational damage, and operational disruption.


  • Triage: The process of determining the priority of events, typically to establish the order of treatment against the severity and potential impact.

  • Tier: A level or layer of a hierarchy or classification system. In RiskStudio, this could relate to the categorization of risks, controls, or organizational units based on their significance or complexity.

  • Threat Index: A comprehensive index of threats that can be selected as a basis for event during triage. The Threat Index provides a structured classification of various threats, allowing users to quickly find relevant information and respond appropriately to potential risks.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.