Community of interest (computer security)

A community of interest (COI or CoI) is a means by which network assets and/or network users are segregated by some technological means for some established purpose. COIs are a strategy that falls under the realm of computer security, which itself is a subset of security engineering. Typically, COIs are set up to protect a network infrastructure from a group or groups of users who are performing some esoteric functions. COIs are also designed to protect their user community from the rest of the enclave user population.

The term refers not only to the network itself; it also includes groups of people who come together on different social networks to share data. There are multiple examples, such as Wikipedia, Facebook, blogs, YouTube, and many more, where people come together as a community of interest to work towards a common goal, learn from each other, critique, and share ideas. These users and groups of people are separated into categories and segregated into logical groups. There can be professional groups, health groups that include people interested in specific diets, business groups, self-start-up groups, and countless other categories. A COI is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives.

Definition
A COI can be defined as a logical or physical grouping of network devices or users with access to information that should not be made available to the general user population on a LAN or WAN infrastructure. A COI can be used to provide multiple levels of protection for a LAN or WAN infrastructure from the activities within a COI. A COI can consist of a logical perimeter around the community (or enclave). It can allow for separate security management and operational direction. COIs generally do not dictate separate internal security policies (e.g., password policies) because they fall under the jurisdiction and management of the LAN or WAN owners. However, they can and often do have a more relaxed subset of the overall network security policy. For the purposes of this article, the terms "Segregation Mechanism" and "Security Mechanism" are interchangeable: the COI segregates in order to achieve security.

A distinction between CoPs and CoIs

Often CoIs span similar organizations (e.g., DoD, particularly when there is a common interest in an outcome).

A CoP may operate with any of the following attributes:
 * Some sponsorship
 * A vision and/or mission statement
 * Goals and/or objectives
 * A core team and/or general membership
 * Expected outcomes and/or impacts
 * Measures of success
 * Description of operating processes
 * Assumptions and/or dependencies
 * Review and/or reflection

Individual members may be expected to:
 * Support the CoP through participation and review/validation of products.
 * Attempt to wear the "one hat" associated with the CoP while maintaining the integrity and autonomy of their individual organizations.
 * Participate voluntarily with the blessing of their organizations that determine their level of participation and investment.

Security mechanisms
COI security requirements can range in sophistication from simple network file shares to an interconnection of physically separate sites that are connected via dedicated communication circuits. COI security mechanisms and the respective basic characteristics are identified in the Table. These security mechanisms may be utilized individually and in combinations to provide the requisite security for each COI. COI architecture can overlay the existing LAN or WAN architecture in order to maximize the use of existing resources and to provide the required COI separation in the most efficient manner.

COIs that require additional dedicated physical resources (e.g., dedicated router, VPN, and firewall devices) are usually more complex in nature and more expensive to operate because of the added network devices and the personnel needed to operate and manage them. They also add the benefit of more security through the defense-in-depth approach. A COI does not necessarily imply a physical separation of the infrastructure, but it can include one.

Construction
A standard approach to COI segregation is the use of group policies, if the LAN or WAN infrastructure uses the Microsoft Windows operating system with the Active Directory service. Additional dedicated COI boundary security components such as a router, VPN, firewall, and IDS can be provided depending on the requirements of a COI. COIs can be designed and deployed by employing the security mechanisms that are listed in the Table. Typically, each individual COI may have unique characteristics and requirements. The security mechanisms listed above are the basic building blocks in the construction of all COIs.
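
As an added illustration (not part of the original article), the logical perimeter described under Definition can be checked against observed traffic: the Python example below maps each address to its community and reports flows that cross a COI boundary in either direction without an approved exception. The COI names, subnets, exception list, and flow records are constructed assumptions.

```python
import ipaddress

# Constructed sample data: COI names, subnets and exceptions are illustrative
# assumptions, not values from the article.
COIS = {"finance": ["10.20.0.0/24"], "research": ["10.30.0.0/24", "10.30.1.0/24"]}
# Approved cross-perimeter flows: (source community, destination community, port)
ALLOWED = {
    ("general", "finance", 443),  # enclave users reach the finance portal
    ("research", "general", 53),  # research hosts use the enclave DNS
}
_NETS = [(ipaddress.ip_network(c), name) for name, cidrs in COIS.items() for c in cidrs]


def community_of(ip):
    """Return the COI containing ip, or 'general' for the rest of the enclave."""
    addr = ipaddress.ip_address(ip)
    for net, name in _NETS:
        if addr in net:
            return name
    return "general"


def audit_flows(flows):
    """Return flows crossing a COI perimeter without an approved exception.
    Each flow is (src_ip, dst_ip, dst_port); intra-community traffic is skipped.
    """
    findings = []
    for src, dst, port in flows:
        s, d = community_of(src), community_of(dst)
        if s == d or (s, d, port) in ALLOWED:
            continue
        kind = "into-coi" if s == "general" else "out-of-coi" if d == "general" else "coi-to-coi"
        findings.append({"kind": kind, "src": s, "dst": d, "flow": (src, dst, port)})
    return findings


# Constructed flow records, as might be exported from a boundary firewall.
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.20.0.9", 445),   # inside finance: ignored
    ("10.1.4.7", "10.20.0.9", 443),    # approved exception
    ("10.1.4.7", "10.20.0.9", 445),    # general user to finance file share
    ("10.30.1.12", "10.1.0.2", 22),    # research host to enclave server
    ("10.30.0.8", "10.20.0.9", 1433),  # research host to finance host
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

The three reported kinds correspond to the two protection goals in the text: "out-of-coi" covers protecting the infrastructure from activity within a COI, while "into-coi" and "coi-to-coi" cover protecting the COI's users from everyone outside it.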