URIP Glossary
Last updated: 2026-04-29
Status: Stable
A plain-English guide to the terms used in URIP and the wider cybersecurity vocabulary they draw on. If you see a word in the platform or docs that you do not recognise, it is probably here.
A
ALE (Annual Loss Expectancy)
The estimated amount of money your organisation could lose from a cyber risk in one year. Used in the Risk Quantification module to translate technical risks into financial terms the board understands. Calculated as: how many times per year the loss event is expected to occur × how much each occurrence costs.
Asset
Any item in your environment that URIP tracks: a server, laptop, cloud database, mobile device, or network appliance. Every risk is linked to at least one asset.
Asset Tier (T1–T4)
How business-critical an asset is. T1 = crown jewels (production databases, domain controllers). T4 = low value (lab devices, guest Wi-Fi). URIP uses tier to adjust risk scores: the same vulnerability on a T1 asset scores higher than on a T4.
Attack Path
A chain of vulnerabilities an attacker could follow from an external entry point to a high-value internal asset. URIP's Attack Path module visualises these chains so you can break them before an attacker uses them.
Audit-Grade
A framework or control whose language is mapped directly to the official standard and is suitable for formal audit evidence. The opposite of early-access (formerly called preview).
Auditor Portal
A read-only view inside URIP designed for external auditors. They can see control status, evidence, and policies for the frameworks you invite them to — without seeing other tenants' data or your credentials.
B
BAS (Breach & Attack Simulation)
A security testing approach that safely simulates real attacker techniques to see if your defences actually block them. SafeBreach is URIP's BAS connector.
Bulk Action
Doing something to many risks at once instead of one by one. In the Risk Register, select multiple rows to bulk-assign, bulk-accept, or bulk-export.
C
CISA KEV (Known Exploited Vulnerabilities)
A catalogue maintained by the US Cybersecurity and Infrastructure Security Agency of vulnerabilities with confirmed exploitation in the wild. If a CVE is on this list, URIP flags it urgently regardless of its theoretical severity.
CNAPP (Cloud-Native Application Protection Platform)
A category of security tool that protects cloud applications and infrastructure. Wiz, Prisma Cloud, and Orca are CNAPPs. URIP pulls their findings into the Cloud domain and CSPM module.
Composite Score
URIP's 0–10 risk score for a single finding. It blends four signals: how bad the vulnerability is on paper (CVSS), how likely it is to be exploited (EPSS), whether it is being exploited now (KEV), and how important the asset is (Tier).
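The following is an added example, not URIP's own scoring code, showing how the four signals described above can be blended into a single 0–10 score and mapped onto the bands listed under Severity Band later in this glossary. The weights, the KEV floor and the per-tier adjustments are assumptions chosen for illustration; URIP's real weights are set by a super-admin and are not published here. The sample findings are constructed, and the placeholder identifiers CVE-0000-000N are not real CVEs.

```python
"""Added example: blending CVSS, EPSS, KEV and asset tier into one 0-10 composite score.

Weights, KEV floor and tier adjustments below are assumptions for illustration,
not URIP's configured scoring weights.
"""
from dataclasses import dataclass
from typing import List, Tuple

CVSS_WEIGHT = 0.5          # assumption: half the blend is the paper severity
EPSS_WEIGHT = 0.5          # assumption: half is exploit likelihood, EPSS scaled to 0-10
KEV_FLOOR = 9.0            # assumption: a KEV-listed CVE is lifted to Critical before tier adjustment
TIER_ADJUST = {1: 1.0, 2: 0.5, 3: 0.0, 4: -1.0}   # assumption: T1 crown jewels up, T4 lab kit down

# Severity bands exactly as this glossary defines them under "Severity Band".
BANDS = (("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 0.0))


@dataclass(frozen=True)
class Finding:
    cve: str
    asset: str
    cvss: float      # CVSS base score, 0-10
    epss: float      # EPSS probability, 0-1
    in_kev: bool     # listed in CISA KEV?
    tier: int        # asset tier, 1 (most critical) to 4 (least)


def composite_score(f: Finding) -> float:
    """Blend the four signals into a single 0-10 score, rounded to one decimal."""
    if not (0.0 <= f.cvss <= 10.0 and 0.0 <= f.epss <= 1.0 and f.tier in TIER_ADJUST):
        raise ValueError(f"out-of-range input for {f.cve} on {f.asset}")
    blended = CVSS_WEIGHT * f.cvss + EPSS_WEIGHT * (f.epss * 10.0)
    if f.in_kev:
        # Confirmed exploitation overrides the paper severity: never below the floor.
        blended = max(blended, KEV_FLOOR)
    adjusted = blended + TIER_ADJUST[f.tier]
    return round(min(10.0, max(0.0, adjusted)), 1)


def severity_band(score: float) -> str:
    """Map a composite score onto the glossary's severity bands."""
    for name, floor in BANDS:
        if score >= floor:
            return name
    raise ValueError(f"score {score} is below every band")


def rank(findings: List[Finding]) -> List[Tuple[str, str, float, str]]:
    """Return (cve, asset, score, band) rows, most urgent first, as a Risk Register would."""
    rows = []
    for f in findings:
        score = composite_score(f)
        rows.append((f.cve, f.asset, score, severity_band(score)))
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample findings. CVE-2021-44228 is Log4Shell; the CVE-0000-000N ids are
# placeholders, not real CVEs, and every cvss/epss value here is illustrative input.
SAMPLE = [
    Finding("CVE-2021-44228", "prod-db-01", cvss=10.0, epss=0.94, in_kev=True, tier=1),
    Finding("CVE-2021-44228", "lab-box-07", cvss=10.0, epss=0.94, in_kev=True, tier=4),
    Finding("CVE-0000-0001", "app-srv-02", cvss=6.5, epss=0.30, in_kev=True, tier=2),   # KEV lifts a Medium
    Finding("CVE-0000-0002", "prod-api-01", cvss=5.4, epss=0.90, in_kev=False, tier=1), # EPSS lifts a Medium
    Finding("CVE-0000-0003", "lab-box-09", cvss=9.8, epss=0.02, in_kev=False, tier=4),  # paper Critical demoted
]

if __name__ == "__main__":
    for cve, asset, score, band in rank(SAMPLE):
        print(f"{score:4.1f} {band:8} {cve} on {asset}")
```

Note how the same Log4Shell finding lands in different bands on a T1 database and a T4 lab box, and how a KEV listing lifts a paper-Medium CVE above a paper-Critical one that nobody is exploiting; that ordering, not the raw CVSS, is what the Risk Register sorts on.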
Compensating Control
A safeguard you put in place when you cannot fix a risk directly. For example: if you cannot patch an old PLC, you might air-gap it and monitor it closely. URIP lets you document compensating controls when accepting a risk.
Connector
The integration between URIP and one of your security tools. Each connector securely pulls findings from the tool and sends them into URIP for normalisation and scoring.
Control
A single requirement inside a compliance framework. For example, SOC 2 CC6.1 is a control about logical access. URIP evaluates each control as pass, fail, inconclusive, or not evaluated.
CSPM (Cloud Security Posture Management)
Continuous monitoring of your cloud accounts for misconfigurations: open storage buckets, overly permissive permissions, missing encryption. AWS, Azure, and GCP each expose their own native posture findings, through AWS Security Hub, Microsoft Defender for Cloud, and Google Security Command Center respectively.
CVE (Common Vulnerabilities and Exposures)
The industry-standard identifier for a publicly known security flaw. Example: CVE-2021-44228 is Log4Shell, the remote code execution flaw in Apache Log4j. URIP links every vulnerability finding to its CVE entry so you can look it up.
CVSS (Common Vulnerability Scoring System)
The 0–10 base severity score assigned to a CVE from the flaw's intrinsic characteristics (attack vector, attack complexity, privileges required, impact). It describes how bad the flaw is on paper, not whether anyone is exploiting it. URIP uses CVSS as one input but raises or lowers the final score based on live threat intelligence.
D
Dedup / Deduplication
When two tools find the same vulnerability on the same asset, URIP merges them into one risk record instead of showing duplicates. Both tools are still listed as sources.
Domain (Security Domain)
A technology category: Endpoint, Identity, Network, Cloud, Email, Mobile, OT, or External Threat. URIP groups findings by domain so specialists can focus on their area.
DSPM (Data Security Posture Management)
Discovery and classification of sensitive data at rest — credit card numbers, health records, personal information. BigID and Varonis are DSPM tools.
E
EASM (External Attack Surface Management)
Scanning the internet to find what belongs to your organisation and is exposed: subdomains, open ports, forgotten services. Censys, Shodan, and Detectify are EASM tools.
Early-Access
A module or framework whose core features are working and usable, but where some advanced capabilities are still on the roadmap. Previously called "preview".
EPSS (Exploit Prediction Scoring System)
A probability (0–1) published daily by FIRST.org estimating how likely a CVE is to be exploited in the wild within the next 30 days. A score above 0.5 means a better-than-even chance of exploitation; most CVEs sit far below 0.1. URIP weights EPSS heavily because it predicts real-world danger better than theoretical severity alone.
Evidence
A file or document that proves a compliance control is met: a policy PDF, a screenshot of MFA settings, an audit log export, a penetration test report.
Executive Summary
A high-level view designed for senior leadership: total risk posture, trend lines, financial impact, and compliance readiness — without technical detail.
F
FAIR (Factor Analysis of Information Risk)
A methodology for converting cybersecurity risks into estimated financial losses. URIP's Risk Quantification module uses FAIR to produce Annual Loss Expectancy (ALE) figures.
Framework (Compliance Framework)
A structured set of controls defined by a standards body. SOC 2, ISO 27001, GDPR, and PCI DSS are all frameworks. URIP evaluates your security posture against 20 frameworks automatically.
G
Greyed-Out Toggle
In URIP, if a module toggle is greyed out in Admin → Modules, it means the module is not licensed for your tenant or a prerequisite connector is missing. Contact your account manager to add the license.
H
Hybrid-SaaS
A deployment mode where URIP hosts the dashboards, but the connector workers that talk to your tools run inside your network. Tool credentials and raw findings never leave your perimeter; what reaches the hosted side is the normalised, scored record rather than the raw tool output.
I
IOC (Indicator of Compromise)
A sign that an attack has happened or is happening: a malicious IP address, a suspicious file hash, a rogue domain. URIP cross-references your assets against live IOC feeds from AlienVault OTX.
Implication Check
A safety step before auto-remediation runs. URIP shows you what else might be affected if the fix is applied — for example, rebooting a server that other services depend on.
J
JTI (Justification, Timeline, Impact)
A risk-acceptance discipline used in URIP: every accepted risk must have a clear justification, a review timeline (when it will be revisited), and an understanding of business impact if the risk is exploited.
K
KEV
See CISA KEV.
L
Last-Write-Wins
URIP's rule when two people edit the same risk at the same time: the most recent save wins, and the earlier save is overwritten rather than merged. Both versions are preserved in the audit log, so the overwritten edit can be recovered.
M
MFA (Multi-Factor Authentication)
A security layer that requires something you know (password) plus something you have (a code from your phone). URIP enforces MFA for every user and it cannot be disabled.
Module
An optional capability in URIP: CSPM, DSPM, AI Security, ZTNA, Attack Path, Risk Quantification, Compliance, Trust Center, and others. Enabled per-tenant by a super-admin.
N
Normalise
The process of converting every tool's different severity labels into URIP's single 0–10 scale. Without normalisation, a "High" in one tool means something different from a "High" in another.
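The following is an added example, not URIP's connector code, showing the two steps described under Dedup and Normalise together: each tool's native severity vocabulary is mapped onto the shared 0–10 scale, then findings that describe the same flaw on the same asset are merged into one record that still lists every source. The tool names (tool_a, tool_b), their label vocabularies, the mapping values and the sample findings are all constructed for this example.

```python
"""Added example: normalise two tools' severity labels to 0-10, then deduplicate.

Tool names, label vocabularies and mapping values are constructed for illustration;
they are not URIP's connector definitions.
"""
from typing import Dict, List, Tuple

# Assumed per-tool maps: tool_a reports words, tool_b reports an integer 1-5.
SEVERITY_MAPS: Dict[str, Dict[str, float]] = {
    "tool_a": {"critical": 9.5, "high": 7.5, "medium": 5.0, "low": 2.0, "info": 0.0},
    "tool_b": {"5": 9.5, "4": 7.5, "3": 5.0, "2": 2.0, "1": 0.0},
}


def normalise(tool: str, raw_severity) -> float:
    """Translate one tool's native severity into the shared 0-10 scale.

    An unmapped label raises instead of silently becoming 0.0, so a vendor adding a
    new label surfaces as a connector error rather than as a hidden low score.
    """
    try:
        return SEVERITY_MAPS[tool][str(raw_severity).strip().lower()]
    except KeyError:
        raise ValueError(f"{tool}: unmapped severity {raw_severity!r}") from None


def dedup_key(finding: dict) -> Tuple[str, str]:
    """Same asset + same CVE is one risk. Findings with no CVE (misconfigurations) fall
    back to the reporting tool's rule id so they are not all merged into one record."""
    cve = finding.get("cve")
    flaw = cve.strip().upper() if cve else f"{finding['tool']}:{finding['rule_id']}"
    return (finding["asset_id"], flaw)


def dedup(raw_findings: List[dict]) -> List[dict]:
    """Merge per-tool findings into one record per (asset, flaw), keeping every source."""
    merged: Dict[Tuple[str, str], dict] = {}
    for f in raw_findings:
        score = normalise(f["tool"], f["severity"])
        asset_id, flaw = dedup_key(f)
        rec = merged.setdefault(
            (asset_id, flaw),
            {"asset_id": asset_id, "flaw": flaw, "score": 0.0, "sources": {}},
        )
        rec["sources"][f["tool"]] = score
        # Keep the most severe normalised view; a disagreement stays visible in "sources".
        rec["score"] = max(rec["score"], score)
    return sorted(merged.values(), key=lambda r: r["score"], reverse=True)


# Constructed sample output from two connectors (not real scan data).
SAMPLE = [
    {"tool": "tool_a", "asset_id": "srv-01", "cve": "CVE-2021-44228", "severity": "High"},
    {"tool": "tool_b", "asset_id": "srv-01", "cve": "cve-2021-44228", "severity": 5},
    {"tool": "tool_b", "asset_id": "srv-01", "cve": None, "rule_id": "ssh-root-login", "severity": 3},
    {"tool": "tool_a", "asset_id": "lt-07", "cve": "CVE-2021-44228", "severity": "Critical"},
]

if __name__ == "__main__":
    for rec in dedup(SAMPLE):
        print(rec)
```

Two points worth noticing: the key is case-insensitive on the CVE, so "cve-2021-44228" and "CVE-2021-44228" merge, and when the two tools disagree (tool_a says High, tool_b says 5) the record carries the higher score but both opinions remain in sources for the analyst to see.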
O
OT (Operational Technology)
Industrial control systems: PLCs, SCADA, manufacturing lines, energy grid equipment. These devices often cannot be patched quickly, so URIP treats OT risks with special attention.
On-Premise
A deployment mode where URIP runs entirely inside your own data centre or cloud account. You manage the infrastructure; URIP provides the software.
P
Pending Retest
A risk status meaning the fix has been applied and URIP is waiting for the next connector poll to confirm the vulnerability is gone.
Poll
How often a connector asks your security tool for new data. High-volume tools poll every 15 minutes; low-volume tools poll every 4 hours.
Preview
See Early-Access.
R
RBAC (Role-Based Access Control)
The system that decides what each user can see and do in URIP. There are six built-in roles: Viewer, Analyst, CISO, Compliance Officer, Super-Admin, and Auditor (read-only).
Remediation
The work of fixing a risk: patching a server, rotating a credential, changing a firewall rule, removing excessive permissions.
Risk Acceptance
A formal decision to leave a risk unremediated for a defined period, with written justification and compensating controls. Used for legacy systems, vendor limitations, or risks below your organisation's appetite threshold.
Risk Register
The full working list of every open finding in your environment, sorted by composite score. This is where analysts spend most of their time.
ROI (Return on Investment)
The business value URIP delivers: reduced audit preparation time, fewer breach-related losses, optimised security spending by retiring redundant tools, and faster mean-time-to-remediate.
S
SaaS (Software as a Service)
URIP hosts everything for you. You log in through your browser. No servers to manage. Fastest time to value.
Severity Band
How URIP groups risks by score: Critical (9.0–10.0), High (7.0–8.9), Medium (4.0–6.9), Low (0.0–3.9).
SLA (Service Level Agreement)
In URIP, the time allowed to fix a risk before it becomes overdue. Default: Critical = 7 days, High = 30 days, Medium = 90 days, Low = 180 days. Configurable per tenant.
Source Connector
The tool or tools that reported a specific risk. A single risk can have multiple sources if deduplication merged findings from several tools.
Super-Admin
The highest URIP role. Can create tenants, enable modules, configure scoring weights, and manage all users across tenants.
Suppress
To hide a risk from the open risk count because it is a false positive or already handled outside URIP. Suppression is logged in the audit trail.
T
Tenant
Your organisation's isolated URIP environment. Your data, users, connectors, and settings are completely separate from every other tenant.
Threat Actor
A person or group that carries out cyber attacks. MITRE ATT&CK catalogues threat groups together with the techniques and tooling they are known to use; URIP shows this attribution in the Risk Detail panel.
Threat Intelligence
Live information about what attackers are doing right now: new exploits, emerging vulnerabilities, malicious IPs, and attack campaigns. URIP integrates four feeds automatically.
Trust Center
A public-facing page you can share with customers and partners showing your compliance posture — without giving them access to your URIP account.
U
URIP Score
See Composite Score.
V
VAPT (Vulnerability Assessment & Penetration Testing)
Security testing performed by external specialists. URIP's VAPT Vendor Portal lets these specialists submit their findings directly into your Risk Register.
Viewer
The most restricted URIP role. Can read dashboards and reports but cannot assign risks, upload evidence, or change anything.
W
Webhook
An automatic HTTP message sent from one system to another when something happens. URIP uses webhooks from Jira or ServiceNow to update a risk automatically when its ticket is resolved, moving it to Pending Retest so the next connector poll can confirm the fix.
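The following is an added example, not URIP's or Jira's code, of the receiving side of such a webhook: the raw body is authenticated with an HMAC over a shared secret before anything is trusted, only tickets that URIP itself opened are acted on, and a resolved ticket moves the linked risk to Pending Retest rather than closing it outright. The payload shape, the X-Signature-256 header with a sha256= prefix, the set of "resolved" states and the sample event are all assumptions constructed for this example.

```python
"""Added example: a ticket-resolution webhook receiver that verifies the sender before
moving the linked risk to Pending Retest.

Payload shape, header format, resolved-state list and secret are assumptions for
illustration, not URIP's or Jira's documented interface.
"""
import hashlib
import hmac
import json
from typing import Dict, Optional

RESOLVED_STATES = {"done", "resolved", "closed"}   # assumption: states meaning "fix applied"


def sign(body: bytes, secret: bytes) -> str:
    """Header value a trusted sender would attach: 'sha256=' + HMAC-SHA256(secret, body)."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(body: bytes, header: Optional[str], secret: bytes) -> bool:
    """Constant-time check of the HMAC over the raw body; a missing or malformed header fails."""
    if not header or not header.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header[len("sha256="):])


def handle_webhook(body: bytes, header: Optional[str], secret: bytes,
                   linked_risks: Dict[str, str]) -> Optional[dict]:
    """Return the risk update to apply, or None when the event should be ignored.

    linked_risks maps ticket id -> risk id for tickets URIP opened via a Workflow.
    The signature is checked before the body is even parsed, so an unauthenticated
    caller cannot drive risk state changes by posting a plausible-looking payload.
    """
    if not verify_signature(body, header, secret):
        raise PermissionError("webhook signature invalid or missing")
    event = json.loads(body)
    ticket_id = event.get("ticket_id")
    status = str(event.get("status", "")).lower()
    risk_id = linked_risks.get(ticket_id)
    if risk_id is None:
        return None      # a ticket URIP never created: touch no risk
    if status not in RESOLVED_STATES:
        return None      # reopened or in progress: nothing to do
    # Never close the risk on the ticket's say-so; the next connector poll confirms the fix.
    return {"risk_id": risk_id, "new_status": "Pending Retest", "ticket_id": ticket_id}


# Constructed sample secret, link table and event (not real Jira output).
SECRET = b"example-shared-secret"          # assumption: provisioned per connector
LINKED = {"SEC-123": "RISK-42"}
SAMPLE_BODY = json.dumps({"ticket_id": "SEC-123", "status": "Done", "event_id": "evt-1"}).encode()

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_BODY, sign(SAMPLE_BODY, SECRET), SECRET, LINKED))
```

The two checks a practitioner would insist on are both here: the signature is compared with hmac.compare_digest over the exact bytes received (re-serialising the JSON first would break verification), and the ticket id is looked up in the table of tickets URIP created, so a resolved ticket in an unrelated project cannot move a risk it was never linked to.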
Workflow
An automated sequence in URIP: when a risk is assigned, create a ticket; when the ticket closes, mark the risk for retest.
See Also
- Complete User Guide — full feature reference
- How URIP Works — platform architecture
- Compliance Frameworks — all 20 supported frameworks