Table of Contents outline true
...
Products - Objects for tracking products being developed or already developed by an organization. Mapping controls to products in development can help to ensure that proper security protocols are put in place prior to the product’s release. Can also be set as an audit target by mapping relevant controls.
Projects - A service or product delivered to customers, closely related to Systems. It is a planned set of tasks to be executed over a fixed period. This object can be mapped to controls during the project lifecycle to ensure that required security controls are in place prior to go-live.
...
Incidents - Incidents track risks and or vulnerabilities. They can be used to track failures in patching processes, which could lead to a risk manifesting, or the fact that the actual risk has manifested. It must be clear, that an incident is not a risk, nor is it a vulnerability. OftentimesOften, these are confused and this confusion , which reduces the effectiveness of the risk management program
...