Information Technology Reference
In-Depth Information
Term
Description
Compliance assessment
The formal process to discern the organizational
policy and practice as compared against a
compliance requirement at a given point in time.
Compliance
management
The formal tactical process to identify, understand,
assess, analyze, and address organizational
compliance requirements.
Compliance
management program
(CMP)
An initiative to identify, enumerate, and decompose
compliance requirements into organizational
directives.
Compliance
requirements
Qualifications, often in the form of restrictions, to
operations and organizational actions; compliance
requirements may be external (e.g., legislative) or
internal (e.g., mission statement).
Community of interest
(COI)
A group of entities (a.k.a. domains) defined by
logical relationship; physical proximity may be
dispersed.
Community of malicious
intent (COMI)
Pronounced
co-me
; COMI is a collective term that
represents all persons that purposely set out to do
damage to the organization or organizational
information. COMI includes hackers, spies
(corporate and government), non-state-sponsored
adversaries, etc.
Confidentiality
Information is disclosed and observable only by
authorized personnel or information resources.
Conservancy principle
A fundamental edict or underlying faculty of
maintaining a quantity.
Constraint
A restriction or bounds.
Construct (noun)
The term
construct
refers generically to a tool,
template, methodology, or framework that
contributes to the development, operation, or
understanding of something; e.g., an O&M
construct is the network operations center (NOC)
or the IA ops cycle.
Context
The environment within which something exists or
resides.
