The FREE Cybersecurity Glossary by Thor Pedersen!

Compartmentalization: The strategic division of various components, resources, or entities within a larger system to limit exposure to threats and minimize potential damage. This separation can be achieved in several ways, such as through physical separation, virtualization, or role-based access controls, ensuring that a compromise in one area doesn't lead to a breach in others.

Compartmented Mode: In a compartmented mode setup, users are given access only to the data they require to perform their tasks and nothing else, thereby minimizing the exposure and possible leakage of sensitive information. This is a rigorous application of the principle of least privilege, often used in environments dealing with highly sensitive data, such as military or intelligence operations.

Compensating control: Also known as an alternative control, compensating control is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the moment. While it may not be an exact replacement, a compensating control should provide a similar level of defense against the identified risk, thus maintaining the integrity of the security system.

Completeness Check: A validation process that ensures all necessary data entries or transaction steps are completed before processing. Completeness checks are vital for maintaining data integrity and the accuracy of operations in various systems.

Complexity as the enemy of security: This concept suggests that as a system becomes more complex, it's harder to maintain its security. Each additional component or feature in a system could potentially introduce new vulnerabilities or make it harder to identify existing ones. Simplifying systems and eliminating unnecessary elements can, therefore, be an effective strategy for enhancing their overall security.

Compliance: The process of ensuring that an organization follows relevant laws, regulations, and standards. This includes internal policies and procedures, as well as external requirements such as regulatory standards or contractual obligations. Compliance activities can range from regular audits and checks to training and education programs designed to prevent violations and ensure that all operations align with the expected requirements.