Usage-tracking of assets for security assurance

What is claimed is: 1. A multi-tenant security assurance platform comprising one or more non-transitory computer readable media and processing hardware configured to cause the multi-tenant security assurance platform to provide information security assurance by usage-tracking of information security entities for an organization by: onboarding at least one tenant onto the multi-tenant security assurance platform; tracking a plurality of information security entities, an information security entity comprising an established regulatory framework with one or more policies that indicate standards requirements for the established regulatory framework, one or more controls that enforce the one or more policies, and one or more evidence tasks that verify the one or more controls have been implemented; maintaining the one or more policies for the at least one tenant onboarded to the multi-tenant security assurance platform, wherein the one or more policies are enforced by implementing the one or more controls of the information security entities and the one or more controls are verified by collecting the one or more evidence tasks; creating an asset population of one or more assets that belong to different asset-types and mapping the asset population to the plurality of information security entities that are each corresponding to a different established regulatory framework, an asset-type comprising cloud infrastructure, servers, enterprise applications, workstations, security privileges, employees, vendors, security incidents, system outages, system changes, application changes and emergency changes; and drawing a population sample from the asset population comprising the one or more assets to determine one or more risks with at least one asset in the population sample by monitoring a compliance of the one or more assets of the population sample across the plurality of information security entities based on the mapping between the asset population and the plurality of information security entities. 2. The multi-tenant security assurance platform of claim 1 , wherein creating the asset population of the one or more assets that belong to different asset-types comprises: performing a creation of the asset population continuously in real-time or near real-time to generate a continuous asset population and monitor compliance of the at least one tenant; and providing an up-to-date compliance status of the asset population for the plurality of information security entities. 3. The multi-tenant security assurance platform of claim 1 , wherein drawing the population sample comprises: receiving a request from an auditor device via a self-service portal to draw the population sample; and based on a selection of the population sample by the auditor device, provide for display on the auditor device, a report of an overall compliance status of the at least one tenant with the plurality of information security entities. 4. The multi-tenant security assurance platform of claim 3 , wherein the self-service portal allows natural language processing (NLP) for specifying one or more queries in response to the population sample to determine an associated risk with the population sample. 5. The multi-tenant security assurance platform of claim 3 , wherein drawing the population sample comprises: receiving an event-driven basis; and generating the population sample associated with controls and risks related to the event-driven basis. 6. The multi-tenant security assurance platform of claim 5 , further comprising generating a report of the event-driven basis comprising compliance status of the event-driven basis, access privileges of the event-driven basis and related controls of the event-driven basis. 7. The multi-tenant security assurance platform of claim 1 , wherein collecting the one or more evidence tasks comprises performing an autocollection evidence task via one or more integrations installed for the at least one tenant in the multi-tenant security assurance platform to generate one or more files that proves an implementation of a control. 8. The multi-tenant security assurance platform of claim 1 , further comprising using vendor data from an asset management module to populate a vendor risk management module. 9. The multi-tenant security assurance platform of claim 1 , further comprising obtaining employee data from an asset management module originating from a privilege management module and an awareness training model. 10. The multi-tenant security assurance platform of claim 1 , further comprising obtaining asset data from a security posture module related to information technology (IT) assets from an asset management module. 11. The multi-tenant security assurance platform of claim 1 , wherein tracking one or more information security entities of the plurality of information security entities comprises tracking General Data Protection Regulation (GDPR), System and Organizational Controls (SOC) 2, National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), NIST 853, NIST Special Publication (SP) 800-53, NIST SP 800-171, Federal Financial Institutions Examination Council (FFIEC) Information Security regulations/framework, IT General Controls (SOC 1), Microsoft™'s Supplier Security and Privacy Assurance (SSPA), Cybersecurity Maturity Model Certification (CMMC), California Consumer Privacy Act (CCPA), International Organization for Standardization (ISO) 27001, ISO 27701, Open Finance Data Security Standard (OFDSS), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). 12. A computer-implemented method executing computer-readable instructions by at least one microprocessor for operating a multi-tenant software as a service (SaaS) security assurance platform, the computer-readable instructions stored in a non-transitory storage medium coupled to said at least one microprocessor, and the computer-implemented method comprising: onboarding at least one tenant onto the multi-tenant SaaS security assurance platform; tracking a plurality of information security entities, an information security entity comprising an established regulatory framework with one or more policies that indicate standards requirements for the established regulatory framework, one or more controls that enforce the one or more policies, and one or more evidence tasks that verify the one or more controls have been implemented; maintaining the one or more policies for the at least one tenant onboarded to the multi-tenant SaaS security assurance platform, wherein the one or more policies are enforced by implementing the one or more controls of the plurality of information security entities and the one or more controls are verified by collecting the one or more evidence tasks; creating an asset population of one or more assets that belong to different asset-types and mapping the asset population to the plurality of information security entities that are each corresponding to a different established regulatory framework, an asset-type comprising cloud infrastructure, servers, enterprise applications, workstations, security privileges, employees, vendors, security incidents, system outages, system changes, application changes and emergency changes; and drawing a population sample from the asset population comprising the one or more assets to determine one or more risks with at least one asset in the population sample by monitoring a compliance of the one or more assets of the population sample across the plurality of information security entities based on the mapping between the asset population and the plurality of information security entities.