Cyber Glossary - I
IA Architecture – A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans. (CNSSI-4009) (NISTIR)
IA-Enabled Information Technology Product – Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security-enabled messaging systems. (CNSSI-4009) (NISTIR)
IA-Enabled Product – Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities. Note: Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security enabling messaging systems. (CNSSI-4009) (NISTIR)
IA Infrastructure – The underlying security framework that lies beyond an enterprise’s defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan. (CNSSI-4009) (NISTIR)
IA Product – Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, nonrepudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks. (CNSSI-4009) (NISTIR)
ICT supply chain threat - A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes. (From: DHS SCRM PMO) (NICCS)
Related Term(s): supply chain, threat
Identification – The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system. (SP 800-47) (NISTIR)
The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items. (FIPS 201) (NISTIR)
An act or process that presents an identifier to a system so that the system can recognize a system entity (e.g., user, process, or device) and distinguish that entity from all others. (CNSSI-4009) (NISTIR)
Identifier – Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers. (FIPS 201) (NISTIR)
A data object - often, a printable, non-blank character string - that definitively represents a specific identity of a system entity, distinguishing that identity from all others. (CNSSI-4009) (NISTIR)
Identity – A set of attributes that uniquely describe a person within a given context. (SP 800-63) (NISTIR)
The set of physical and behavioral characteristics by which an individual is uniquely recognizable. (FIPS 201) (NISTIR)
The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity. (CNSSI-4009) (NISTIR)
Identity-Based Access Control – Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity. (SP 800-53; CNSSI-4009) (NISTIR)
Identity-Based Security Policy – A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access. (SP 800-33) (NISTIR)
Identity Binding – Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority. (FIPS 201) (NISTIR)
Identity Certificate – a certificate that provides authentication of the identity claimed. Within the National Security Systems (NSS) PKI, identity certificates may be used only for authentication or may be used for both authentication and digital signatures. (CNSSI-4009) (NISTIR)
A set of data that uniquely identifies a key pair and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and possibly other information, and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner. (FIPS 186) (NISTIR)
Identity Proofing – The process by which a Credentials Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person. (SP 800-63) (NISTIR)
The process of providing sufficient information (e.g., identity history, credentials, documents) to a Personal Identity Verification Registrar when attempting to establish an identity. (FIPS 201) (NISTIR)
Identity Registration – The process of making a person’s identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system. (FIPS 201; CNSSI-4009) (NISTIR)
Identity Token – Smart card, metal key, or other physical object used to authenticate identity. (CNSSI-4009) (NISTIR)
Identity Validation – Tests enabling an information system to authenticate users or resources. (CNSSI-4009) (NISTIR)
Identity Verification – The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed. (FIPS 201) (NISTIR)
Image – An exact bit-stream copy of all electronic data on a device, performed in a manner that ensures that the information is not altered. (SP 800-72) (NISTIR)
Imitative Communications Deception – Introduction of deceptive messages or signals into an adversary's telecommunications signals. See also Communications Deception and Manipulative Communications Deception. (CNSSI-4009) (NISTIR)
Impact – The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (SP 800-60) (NISTIR)
Impact Level – The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (CNSSI-4009) (NISTIR)
High, Moderate, or Low security categories of an information system established in FIPS 199 which classify the intensity of a potential impact that may occur if the information system is jeopardized. (SP 800-34) (NISTIR)
Impact Value – The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of an information type, expressed as a value of low, moderate, or high. (SP 800-30) (NISTIR)
Implant – Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations. (CNSSI-4009) (NISTIR)
Inadvertent Disclosure – Type of incident involving accidental exposure of information to an individual not authorized access. (CNSSI-4009) (NISTIR)
Incident – A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. (SP 800-61) (NISTIR)
An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. (FIPS 200; SP 800-53) (NISTIR)
An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. (CNSSI-4009) (NISTIR)
Incident Handling – The mitigation of violations of security policies and recommended practices. (SP 800-61) (NISTIR)
Incident Management - The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. (Adapted from: NCSD Glossary, ISSG NCPS Target Architecture Glossary) (NICCS)
Incident Response - The activities that address the short-term, direct effects of an incident and may also support short-term recovery. (From: Workforce Framework) (NICCS)
Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities. (NICCS)
Synonym(s): response
Related Term(s): recovery
Incident Response Plan – The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber attacks against an organization’s information system(s). (SP 800-34) (NISTIR)
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of an incident against an organization’s IT system(s). (CNSSI-4009) (NISTIR)
A set of predetermined and documented procedures to detect and respond to a cyber incident. (Adapted from: CNSSI 4009) (NICCS)
The activities that address the short-term, direct effects of an incident, and may also support short-term recovery. (UK 2016)
Incomplete Parameter Checking – System flaw that exists when the operating system does not check all parameters fully for accuracy and consistency, thus making the system vulnerable to penetration. (CNSSI-4009) (NISTIR)
Inculpatory Evidence – Evidence that tends to increase the likelihood of fault or guilt. (SP 800-72) (NISTIR)
Independent Validation Authority – (IVA) Entity that reviews the soundness of independent tests and system compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the Authorizing Official as needed. (CNSSI-4009) (NISTIR)
Independent Verification & Validation (IV&V) – A comprehensive review, analysis, and testing (software and/or hardware) performed by an objective third party to confirm (i.e., verify) that the requirements are correctly defined, and to confirm (i.e., validate) that the system correctly implements the required functionality and security requirements. (CNSSI-4009) (NISTIR)
Indicator – Recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack. (CNSSI-4009) (NISTIR)
A sign that an incident may have occurred or may be currently occurring. (SP 800-61) (NISTIR)
An occurrence or sign that an incident may have occurred or may be in progress. (Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database) (NICCS)
Individual – A citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and E-Government Act to businesses, sole proprietors, aliens, etc. (SP 800-60) (NISTIR)
Individual Accountability – Ability to associate positively the identity of a user with the time, method, and degree of access to an information system. (CNSSI-4009) (NISTIR)
Individuals – An assessment object that includes people applying specifications, mechanisms, or activities. (SP 800-53A) (NISTIR)
Industrial Control System – An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition systems (SCADA) used to control geographically dispersed assets, as well as distributed control systems (DCS) and smaller control systems using programmable logic controllers to control localized processes. (SP 800-53; SP 800-53A; SP 800-39; SP 800-30) (NISTIR)
Industrial Internet of Things (IIoT) – the use of Internet of Things technologies in manufacturing and industry. (UK 2016)
Informal Security Policy – Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design. (CNSSI-4009) (NISTIR)
Information – An instance of an information type. (FIPS 200; FIPS 199; SP 800-60; SP 800-53; SP 800-37) (NISTIR)
Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual. (CNSSI-4009) (NISTIR)
- Facts, data, or instructions in any medium or form.
- The meaning that a human assigns to data by means of the known conventions used in their representation. (JP 1-02) (Jt Pub 3-13)
Information and Communication(s) Technology - Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information. (Adapted from: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508) (NICCS)
Related Term(s): information technology
Information Assurance (IA) – Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. (SP 800-59; CNSSI-4009) (NISTIR)
Information Assurance Compliance - In the NICE Workforce Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. (From: NICE Workforce Framework) (NICCS)
Information Assurance Component – (IAC) An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system. (CNSSI-4009) (NISTIR)
Information Assurance Manager – (IAM) See Information Systems Security Manager. (CNSSI-4009) (NISTIR)
Information Assurance Officer – (IAO) See Information Systems Security Officer. (CNSSI-4009) (NISTIR)
Information Assurance (IA) Professional – Individual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility. (CNSSI-4009) (NISTIR)
Information Assurance Vulnerability Alert (IAVA) – Notification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective action because of the severity of the vulnerability risk. (CNSSI-4009) (NISTIR)
Information Domain – A three-part concept for information sharing, independent of, and across information systems and security domains that
1) identifies information sharing participants as individual members,
2) contains shared information objects, and
3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects. (CNSSI-4009) (NISTIR)
Information Environment – Aggregate of individuals, organizations, and/or systems that collect, process, or disseminate information, also included is the information itself. (CNSSI-4009) (NISTIR)
Information Flow Control – Procedure to ensure that information transfers within an information system are not made in violation of the security policy. (CNSSI-4009) (NISTIR)
Information Management – The planning, budgeting, manipulating, and controlling of information throughout its life cycle. (CNSSI-4009) (NISTIR)
Information Operations (IO) – The integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making process, information, and information systems while protecting our own. (CNSSI-4009) (NISTIR)
Information Owner – Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. See Information Steward. (FIPS 200; SP 800-37; SP 800-53; SP 800-60; SP 800-18) (NISTIR)
Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal. (CNSSI-4009) (NISTIR)
Information Resources – Information and related resources, such as personnel, equipment, funds, and information technology. (FIPS 200; FIPS 199; SP 800-53; SP 800-18; SP 800-60; 44 U.S.C., Sec. 3502; CNSSI-4009) (NISTIR)
Information Resources Management (IRM) – The planning, budgeting, organizing, directing, training, controlling, and management activities associated with the burden, collection, creation, use, and dissemination of information by agencies. (CNSSI-4009) (NISTIR)
Information Security – The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (SP 800-37; SP 800-53; SP 800-53A; SP 800-18; SP 800-60; CNSSI-4009; FIPS 200; FIPS 199; 44 U.S.C., Sec. 3542) (NISTIR)
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—
1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
3) availability, which means ensuring timely and reliable access to and use of information. (SP 800-66; 44 U.S.C., Sec 3541) (NISTIR)
Information Security Architect – Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes. (SP 800-37) (NISTIR)
Information Security Architecture – An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans. (SP 800-39) (NISTIR)
Information Security Continuous Monitoring (ISCM) – Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
[Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.] (SP 800-137) (NISTIR)
A process to:
- Define an ISCM strategy;
- Establish an ISCM program;
- Implement an ISCM program;
- Analyze data and Report findings;
- Respond to findings; and
- Review and Update the ISCM strategy and program. (SP 800-137) (NISTIR)
Information Security Continuous Monitoring (ISCM) Program – A program established to collect information in accordance with preestablished metrics, utilizing information readily available in part through implemented security controls. (SP 800-137) (NISTIR)
Information Security Policy – Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information. (SP 800-53; SP 800-37; SP 800-18; CNSSI-4009) (NISTIR)
Information Security Program Plan – Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements. (SP 800-37; SP 800-53; SP 800-53A) (NISTIR)
Information Security Risk – The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. See Risk. (SP 800-30) (NISTIR)
Information Sharing – The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. (SP 800-16) (NISTIR)
Information Sharing Environment – 1. An approach that facilitates the sharing of terrorism and homeland security information; or 2. ISE in its broader application enables those in a trusted partnership to share, discover, and access controlled information. (CNSSI-4009) (NISTIR)
Information Steward – An agency official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. (CNSSI-4009) (NISTIR)
Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of FISMA and any associated security-related federal policies, directives, regulations, standards, and guidance. (SP 800-37) (NISTIR)
Information Superiority – The operational advantage derived from the ability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same. (This term and its definition modify the existing term and its definition and are approved for inclusion in the next edition of JP 1-02) (Jt Pub 3-13)
Information System – A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.] (SP 800-53; CNSSI-4009) (NISTIR)
The entire infrastructure, organization, personnel, and components for the collection, processing, storage, transmission, display, dissemination, and disposition of information. (This term and its definition modify the existing term and its definition and are approved for inclusion in the next edition of JP 1-02) (Jt Pub 3-13)
Information System Boundary – See Authorization Boundary. (NISTIR)
Information System Contingency Plan (ISCP) – Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters. (SP 800-34) (NISTIR)
Information System Life Cycle – The phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction). (CNSSI-4009) (NISTIR)
Information System Owner (or Program Manager) – Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system. (SP 800-53; SP 800-53A; SP 800-18; SP 800-60) (NISTIR)
Information System-Related Security Risks – Information system-related security risks are those risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. See Risk. (SP 800-37; SP 800-53A) (NISTIR)
Information System Resilience – The ability of an information system to continue to operate while under attack, even if in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack. (SP 800-30 T) (NISTIR)
The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. (SP 800-39) (NISTIR)
Information Systems Security – (INFOSEC) Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. (CNSSI-4009) (NISTIR)
Information Systems Security Engineer (ISSE) – Individual assigned responsibility for conducting information system security engineering activities. (SP 800-37; CNSSI-4009) (NISTIR)
Information Systems Security Engineering (ISSE) – Process of capturing and refining information protection requirements to ensure their integration into information systems acquisition and information systems development through purposeful security design or configuration. (CNSSI-4009) (NISTIR)
Process that captures and refines information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. (SP 800-37) (NISTIR)
Information Systems Security Equipment Modification – Modification of any fielded hardware, firmware, software, or portion thereof, under NSA configuration control.
There are three classes of modifications: mandatory (to include human safety); optional/special mission modifications; and repair actions. These classes apply to elements, subassemblies, equipment, systems, and software packages performing functions such as key generation, key distribution, message encryption, decryption, authentication, or those mechanisms necessary to satisfy security policy, labeling, identification, or accountability. (CNSSI-4009) (NISTIR)
Information Systems Security Manager (ISSM) – Individual responsible for the information assurance of a program, organization, system, or enclave. (CNSSI-4009) (NISTIR)
Information Systems Security Officer (ISSO) – Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program. (CNSSI-4009) (NISTIR)
Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program. (SP 800-39) (NISTIR)
Information Systems Security Operations - In the NICE Workforce Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer). (From: NICE Workforce Framework) (NICCS)
Information Systems Security Product – Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security. (CNSSI-4009) (NISTIR)
Information Technology – Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency.
For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which—
1) requires the use of such equipment; or
2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. (SP 800-53; SP 800-53A; SP 800-37; SP 800-18; SP 800-60; FIPS 200; FIPS 199; CNSSI-4009; 40 U.S.C., Sec. 11101 and Sec 1401) (NISTIR)
Information Type – A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation. (SP 800-53; SP 800-53A; SP 800-37; SP 800-18; SP 800-60; FIPS 200; FIPS 199; CNSSI-4009) (NISTIR)
Information Value – A qualitative measure of the importance of the information based upon factors such as: level of robustness of the Information Assurance controls allocated to the protection of information based upon: mission criticality, the sensitivity (e.g., classification and compartmentalization) of the information, releasability to other countries, perishability/longevity of the information (e.g., short life data versus long life intelligence source data), and potential impact of loss of confidentiality and integrity and/or availability of the information. (CNSSI-4009) (NISTIR)
Inheritance – See Security Control Inheritance. (NISTIR)
Initialization Vector (IV) – A vector used in defining the starting point of an encryption process within a cryptographic algorithm. (FIPS 140-2) (NISTIR)
Initialize – Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode. (CNSSI-4009) (NISTIR)
Initiator – The entity that initiates an authentication exchange. (FIPS 196) (NISTIR)
Innovation Base of the United States - The American network of knowledge, capabilities, and people—including those in academia, National Laboratories, and the private sector—that turns ideas into innovations, transforms discoveries into successful commercial products and companies, and protects and enhances the American way of life. (Cyberspace Solarium Commission Final Report, 2020)
Input Validation Attacks - Attacks in which an attacker intentionally sends unusual input in the hope of confusing an application.
Insider – someone who has trusted access to the data and information systems of an organisation and poses an intentional, accidental or unconscious cyber threat. (UK 2016)
Insider Threat – An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. (SP 800-32) (NISTIR)
A person or group of persons within an organization who pose a potential risk through violating security policies. (NICCS)
Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm. (NICCS)
Inspectable Space – Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. Synonymous with zone of control. (CNSSI-4009) (NISTIR)
Integrated Risk Management - The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise. (Adapted from: DHS Risk Lexicon) (NICCS)
Related Term(s): risk management, enterprise risk management
Integrity – Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. (SP 800-53; SP 800-53A; SP 800-18; SP 800-27; SP 800-37; SP 800-60; FIPS 200; FIPS 199; 44 U.S.C., Sec. 3542) (NISTIR)
The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner. (FIPS 140-2) (NISTIR)
The property whereby an entity has not been modified in an unauthorized manner. (CNSSI-4009) (NISTIR)
Integrity Check Value – Checksum capable of detecting modification of an information system. (CNSSI-4009) (NISTIR)
Intellectual Property – Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation. (SP 800-32) (NISTIR)
Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights.
Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered. (CNSSI-4009) (NISTIR)
Intelligence Preparation of the Battlespace (IPB) – An analytical methodology employed to reduce uncertainties concerning the enemy, environment, and terrain for all types of operations. Intelligence preparation of the battlespace builds an extensive database for each potential area in which a unit may be required to operate. The database is then analyzed in detail to determine the impact of the enemy, environment, and terrain on operations and presents it in graphic form. Intelligence preparation of the battlespace is a continuing process. Also called IPB. (JP 1-02) (Jt Pub 3-13)
Intent - A state of mind or desire to achieve an objective. (Adapted from: DHS Risk Lexicon) (NICCS)
Related Term(s): capability
Interconnection Security Agreement (ISA) – An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection.
The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations. (SP 800-47) (NISTIR)
A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high-level roles and responsibilities in management of a cross-domain connection. (CNSSI-4009) (NISTIR)
Interface – Common boundary between independent systems or modules where interactions take place. (CNSSI-4009) (NISTIR)
Interface Control Document – Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the information system life cycle. (CNSSI-4009) (NISTIR)
Interim Approval to Operate (IATO) – Temporary authorization granted by a DAA for an information system to process information based on preliminary results of a security evaluation of the system. (To be replaced by ATO and POA&M) (CNSSI-4009) (NISTIR)
Interim Approval to Test (IATT) – Temporary authorization to test an information system in a specified operational information environment within the time frame and under the conditions or constraints enumerated in the written authorization. (CNSSI-4009) (NISTIR)
Intermediate Certification Authority (CA) – A Certification Authority that is subordinate to another CA, and has a CA subordinate to itself. (SP 800-32) (NISTIR)
Internal Network – A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or similar security technology provides the same effect. An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned. (SP 800-53A) (NISTIR)
A network where:
1) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or
2) cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (at least with regard to confidentiality and integrity). An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned. (CNSSI-4009) (NISTIR)
Internal Security Controls – Hardware, firmware, or software features within an information system that restrict access to resources only to authorized subjects. (CNSSI-4009) (NISTIR)
Internal Security Testing – Security testing conducted from inside the organization’s security perimeter. (SP 800-115) (NISTIR)
Internet – The Internet is the single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share
(a) the protocol suite specified by the Internet Architecture Board (IAB), and
(b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN). (CNSSI-4009) (NISTIR)
A global computer network, providing a variety of information and communication facilities, consisting of interconnected networks using standardised communication protocols. (UK 2016)
Internet of Things – the totality of devices, vehicles, buildings and other items embedded with electronics, software and sensors that communicate and exchange data over the Internet. (UK 2016)
Internet Protocol (IP) – Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. (CNSSI-4009) (NISTIR)
Interoperability – For the purposes of this standard, interoperability allows any government facility or information system, regardless of the PIV Issuer, to verify a cardholder’s identity using the credentials on the PIV Card. (FIPS 201) (NISTIR)
The ability of two or more systems or components to exchange information and to use the information that has been exchanged. (NICCS)
Interview – A type of assessment method that is characterized by the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or lead to the location of evidence, the results of which are used to support the determination of security control effectiveness over time. (SP 800-53A) (NISTIR)
In the Wild - A term that can be used to describe malware in general use (thereby making attribution difficult) or an unpatched or unknown vulnerability discovered in an information system. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Intranet – A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency). (CNSSI-4009) (NISTIR)
Intrusion – Unauthorized act of bypassing the security mechanisms of a system. (CNSSI-4009) (NISTIR)
Intrusion Detection Systems (IDS) – Hardware or software product that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations). (CNSSI-4009) (NISTIR)
(Host-Based) IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System.
Furthermore, unlike network-based IDSs, host-based IDSs can more readily “see” the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks. (SP 800-36; CNSSI-4009) (NISTIR)
(Network-Based) IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment. (SP 800-36; CNSSI-4009) (NISTIR)
Intrusion Detection and Prevention System (IDPS) – Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents. (SP 800-61) (NISTIR)
Intrusion Prevention System(s) (IPS) – System(s) which can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets. (SP 800-36; CNSSI-4009) (NISTIR)
Inverse Cipher – Series of transformations that converts ciphertext to plaintext using the Cipher Key. (FIPS 197) (NISTIR)
Investigate – A NICE Workforce Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence. (From: NICE Workforce Framework) (NICCS)
Investigation – A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence. (NICCS)
IOCs – See Indicators of Compromise
IP Security (IPsec) – Suite of protocols for securing Internet Protocol (IP) communications at the network layer (layer 3 of the OSI model) by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. (CNSSI-4009) (NISTIR)
IT asset – Synonym(s): asset
IT-Related Risk – The net mission/business impact considering:
1) the likelihood that a particular threat source will exploit, or trigger, a particular information system vulnerability, and
2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to: Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information; Non-malicious errors and omissions; IT disruptions due to natural or man-made disasters; or Failure to exercise due care and diligence in the implementation and operation of the IT. (SP 800-27) (NISTIR)
IT Security Architecture – A description of security principles and an overall approach for complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security services within various distributed computing environments. (SP 800-27) (NISTIR)
IT Security Awareness – The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. (SP 800-50) (NISTIR)
IT Security Awareness and Training Program – Explains proper rules of behavior for the use of agency IT systems and information. The program communicates IT security policies and procedures that need to be followed. (SP 800-50) (NISTIR)
IT Security Education – IT Security Education seeks to integrate all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and proactive response. (SP 800-50) (NISTIR)
IT Security Investment – An IT application or system that is solely devoted to security. For instance, intrusion detection systems (IDS) and public key infrastructure (PKI) are examples of IT security investments. (SP 800-65) (NISTIR)
IT Security Metrics – Metrics based on IT security performance goals and objectives. (SP 800-55) (NISTIR)
IT Security Policy – The “documentation of IT security decisions” in an organization. NIST SP 800-12 categorizes IT Security Policy into three basic types:
1) Program Policy—high-level policy used to create an organization’s IT security program, define its scope within the organization, assign implementation responsibilities, establish strategic direction, and assign resources for implementation.
2) Issue-Specific Policies—address specific issues of concern to the organization, such as contingency planning, the use of a particular methodology for systems risk management, and implementation of new regulations or law. These policies are likely to require more frequent revision as changes in technology and related factors take place.
3) System-Specific Policies—address individual systems, such as establishing an access control list or in training users as to what system actions are permitted. These policies may vary from system to system within the same organization. In addition, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization’s electronic mail (email) policy or fax security policy. (SP 800-35) (NISTIR)
IT Security Training – IT Security Training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, auditing).
The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks to focus an individual’s attention on an issue or set of issues. The skills acquired during training are built upon the awareness foundation, in particular, upon the security basics and literacy material. (SP 800-50) (NISTIR)