Context-aware security is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments. The most commonly cited context information types are environmental (such as location and time). However, context information valuable to information security exists throughout the IT stack, including IP, device, URL and application reputation; business value context; and the threat context in which the decision is made.