# Context ## Threat A threat is the potential cause of an incident that may result in a breach of information security or compromise business operations (ISO 27000). Threats are used to clarify the aim of a requirement or an applied control. They are informative, assessments can be realized without using them.\ Threats can be imported from a library, but you can create your own threats in the global domain or in a specific domain. ## Reference control Reference controls are templates for applied controls. They facilitate the creation of an applied control, and help to have consistent applied controls. They are optional, but recommended.\ Reference controls can be provided by security frameworks that are imported from a library, but you can create your own reference controls in the global domain or in a specific domain. ## Applied control Applied controls are fundamental objects for compliance and remediation. They can derive from a reference control, which provides better consistency, or be independent.\ Applied controls are always defined by the entity and can be attached to the global domain or in a specific domain. ## Asset An asset refers to any piece of information that holds value to an organization. These assets can be digital or physical and encompass a wide range of data types, including customer records, financial information, intellectual property, employee records, proprietary software, marketing materials, and more.\ Assets are always defined by the entity and can be attached to the global domain or in a specific domain.\ There are two types of assets: * **Primary assets** are core resources directly contributing to an organization's main objectives, like machinery or intellectual property. * **Support assets** indirectly aid primary functions, such as IT systems or administrative services. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://intuitem.gitbook.io/ciso-assistant/model/context.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.