The Integrity Gap Model: A Structured Framework for Measuring Specification-Behavior Divergence in Governed Systems

Version 3 of the Integrity Gap Model (IGM), a practitioner whitepaper introducing a structured framework for measuring the gap between what governed systems specify and what they actually do. The model defines five core variables — Integrity Gap (ΔI), Masking (M), Verification Threshold (θ), Ecology (ε), and Effort Asymmetry (ρ) — and applies them to cybersecurity compliance governance. Key additions in v3: four-category ΔI taxonomy (adding iatrogenic ΔI), specification assessment protocol, M↑ diagnostic machinery, three-type proxy failure taxonomy differentiating the governance horizon from Goodhart and Campbell, three mechanism-level predictions carrying the scale-invariant hypothesis, and the detection-clearance separation principle. The paper commits to the strong version of the scale-invariant hypothesis — structural identity across governed systems from code to culture — and specifies falsification criteria for each claim. Developed from a decade of professional practice in cybersecurity, information security, and ISO governance.