Cyber Security Acronyms (I)

I&C.   Instrumentation and Control.   The branch of engineering focused on the measurement and control of different variables in a process, which in turn influences the design and operation of facilities and systems that use said process. The extensive use of computers in key/critical infrastructure has transformed I&C into an attack vector with potentially disastrous consequences.

 

I2P.   Invisible Internet Project.   A free, open-source peer-to-peer communication application that can deliver traditional Internet services within an anonymous and censorship-resistant environment.

 

IA.   Information Assurance.   The field and practice encompassing the protection of information and the management of risks associated with its usage, storage, processing, and transmission. Among other purposes, IA seeks to ensure information integrity and availability, as well as the privacy of user data.

 

IaaS.   Infrastructure as a Service.   An on-demand cloud technology service that provisions customers with network, storage, and other computing resources on a pay-as-you-go basis. The virtualized nature of IaaS frees customers from spending significant capital expenditures on “real,” physical, and on-premise IT infrastructure.

 

IACIS.   International Association of Computer Investigative Specialists.   An international, non-profit, and volunteer-driven organization for computer forensic professionals that provides training, certification, and other membership services.

 

IAM.   Identity and Access Management.   The field, framework, and methods associated with ensuring the exclusive availability of appropriate enterprise resources only to verified legitimate users and only within approved contexts or parameters. Also known as IdM (Identity Management).

 

IAPP.   International Association of Privacy Professionals.   A nonprofit association that serves as a plaform through which privacy professionals share best practices, advance privacy issues, establish professional standards, and provide training and opportunities in the field of data privacy.

 

IAR.   Information Asset Register.   A list that provides details about an organisation’s information assets, including the risks associated with those assets.

 

IAST.   Interactive Application Security Testing.   A method for testing the security posture and analysing the code of a software application. The method deploys agents and sensors to probe the software in real time and detect vulnerabilities while the application is running. IAST can be performed via an automated test or via a human tester.

 

IAVA.   Information Assurance Vulnerability Alert.   An announcement or notification sent when an Information Assurance (IA) vulnerability might result in an immediate and severe threat to U.S. national security, specifically the computer systems and data of the U.S. Department of Defense.

 

IBE.   Identity-Based Encryption.   A type of encryption that generates a public key based on a unique identifier such as a user’s email address. Also known as ID-based Encryption.

 

ICANN.   Internet Corporation for Assigned Names and Numbers.   A U.S.-based nonprofit organisation that helps ensure the continued stability of the Internet by coordinating and managing several databases, including those that pertain to Internet protocol numbers and the Domain Name System (DNS).

 

ICMP.   Internet Control Message Protocol.   A protocol used by network devices to detect communication problems and to send success and error messages during data transmission. While ICMP is crucial for error reporting, it can be exploited by threat actors and repurposed for distributed denial of service (DDoS) attacks.

 

ICS.   Incident Command System.   A standardised framework for the coordination and control of all emergency response assets (including facilities, equipment, and personnel), establishing a common hierarchy and shared protocol to optimise resources and enable inter-agency responders to address incidents more effectively.

 

ICS.   Industrial Control System.   The superset of devices, networks, instrumentation, sensors, and controls that are used to operate industrial processes and critical infrastructures.

 

ICT.   Information and Communications Technology.   The broad field encompassing the systems, networks, and processes that bridge or arise from the integration of telecommunications and computer/information technologies.

 

ID.   Identity Document.   A typically legal or official document that helps verify a person’s identity.

 

ID.   Identifier.   An object, symbol, or reference that uniquely identifies an entity such as a record or database element.

 

ID.   Information Disclosure.   An event or incident wherein sensitive data is unintentionally exposed to users and/or systems that are not authorised to access said information.

 

ID-10T.   Idiot.   A derogatory and informal error code for a technical problem whose root cause lies in the end-user, often due to a common human mistake or serious lack of technical proficiency. Also rendered as 1D-10T (Error). Less sarcastic variants include EBCAK (Error Between Chair and Keyboard),  PEBCAK (Problem Exists Between Chair and Keyboard), and PICNIC (Problem in Chair Not in Computer).

 

IDE.   Integrated Development Environment.   A software application that provides computer programmers with a suite of tools that help them write, edit, test, debug, and package code efficiently.

 

IDM.   Identity Management.   The system and process adopted by an organisation for ensuring and authenticating authorised access to to its  proprietary resources, and for restricting the unauthorised use of said resources.

 

IDOR.   Insecure Direct Object Reference.   A type of access control vulnerability wherein an application permits direct access to a database object via a user-supplied input without an authentication check.

 

IDPS.   Intrusion Detection and Prevention System.   An IT security solution that monitors a network for suspicious activities, alerting threat responders or incident managers when such activities are detected in order for them to preemptively address any threat.

 

IDS.   Intrusion Detection System.   An IT security solution that constantly monitors network events, reporting any malicious activity or potenmtial threat to a network administrator or a security incident and event management (SIEM) system.

 

IEC.   International Electrotechnical Commission.   A Switzerland-based global organisation that publishes technical and electronic equipment standards for the consumer sector.

 

IEEE.   Institute of Electrical and Electronics Engineers.   A professional association of electrical, electronic, communications, and computer engineering (and related fields) dedicated to advancing technology in the service of humanity.

 

IETF.   Internet Engineering Task Force. A non-profit organisation that helps establish the technical standards for the Internet.

 

IG.   Information Governance.   The overall policy framework of an organisation for the handling of information and its associated risks and benefits.

 

IIA.   Institute of Internal Auditors.   An international organisation that provides standards, training, certifications, and guidance for the internal audit profession.

 

IIoT.   Industrial Internet of Things.   The system of interconnected instruments, sensors, appliances, devices, and computer-based industrial applications.

 

IKE.   Internet Key Exchange.   A cryptographic protocol used in establishing a secure and authenticated communication channel between two parties using a virtual private network (VPN).

 

ILO.   Integrated Lights Out.   A proprietary remote server management technology developed by by Hewlett-Packard Enterprise that allows the monitoring, configuration, and operation of servers from a remote location.

 

IM.   Instant Messaging.   A technology that allows real-time transmission of text messages over a computer network such as the Internet.

 

IMAP.    Internet Messaging Access Protocol.   An internet-based protocol widely used by local email clients to retrieve data from remote email servers.

 

InfoSec.   Information Security.   The field focusing on the protection of information.

 

IOC.   Indicator of Compromise.   A record, evidence, or artifact detected in a computer system that indicates an invalid access, hostile activity, or unlawful intrusion by a malicious entity.

 

IoT.   Internet of Things.   A system of devices, sensors, appliances, software, and technologies that are interconnected and exchange data over a computer network such as the Internet.

 

IP.   Internet Protocol.   The communications protocol whose routing function helps establish a global system of interconnected computer networks (i.e., the Internet).

 

IP.   Intellectual Property.   A classification of property that markedly involves the creative function of the human mind. Among the common forms of IP are patents, trade secrets, trademarks, and copyrighted materials.

 

IPMI.   Intelligent Platform Management Interface.   An open-standard specification for hardware management interface designed for an autonomous computer subsystem with data communication and monitoring capabilities independent of the host system’s firmware, central processing unit, and OS.

 

IPP.   Internet Printing Protocol.   A communication protocol for client devices and printers over the Internet, that among other things, enable remote printing processes.

 

IPS.   Intrusion Prevention System.   An IT security tool that persistently monitors a network for suspicious activity and responds to a malicious threat by taking preventive measures such as reporting, isolating, or blocking it.

 

IPSec.   Internet Protocol Security.   A framework of protocols that use cryptography to set up private and secure communications over the Internet.

 

IPT.   Internal Penetration Testing.   An authorised attack on an IT network or computer system orchestrated by an ethical hacker(s) from within the organisation to simulate an insider threat or an intrusion via a stolen user account. The purpose of an IPT is detect the security flaws and vulnerabilities by aggressively probing the network from the inside.

 

IPv4.   Internet Protocol version 4.   The fourth version of the Internet Protocol (IP). It uses a 32-bit address space and was the first version deployed for production on SATNET and ARPANET.

 

IPv6.   Internet Protocol version 6.   The sixth version of the Internet Protocol that was developed by the IETF to address impending address exhaustion of IPv4. To fulfill its purpose, IPv6 uses a 128-bit address.

 

IR.   Infrared.   A subset of electromagnetic radiation that is invisible to the human eye and serves as the core element in many technological applications such as night vision, imaging, and communications. Hackers can exploit infrared communication to inject spyware and other malicious payload in devices such as security cameras.

 

IR.   Incident Response.   A systematic approach to addressing an IT incident, especially a security breach and other forms of cyber attack. Often used interchangeably with Incident Response Plan or Incident Response Policy.

 

IRC.   Internet Relay Chat.   A text-based system for instant messaging that can also be used for group communication such as that in discussion forums, one-on-one private messaging, file sharing, and data transfer.

 

IRM.   Information Rights Management.   A field that focuses on the handling, confidentiality, and protection of sensitive information mostly in the form of email, spreadsheets, presentations, reports, and other documents. A subfield of digital rights management (DRM), IRM also uses different tools and technologies to restrict/control access to said documents, preventing unauthorised users from copying, editing, printing, deleting, and sharing sensitive documents.

 

ISA.   International Society of Automation.   A non-profit association for engineers, IT professionals, technicians, business people, and other individuals who have an interest in automation, instrumentation, technical standards, and related fields.

 

ISAC.   Information Sharing and Analysis Center.   A nonprofit organisation that provides serves as a platform for research and information exchange between the public and private sector specially on threats to critical infrastructure.

 

ISACA.   Information Systems Audit and Control Association.   A professional nonprofit organisation with a global membership that focuses on IT governance and provides resources, training, and various certifications in different specialised fields.

 

ISAKMP.   Internet Security Association Key Management Protocol.   A protocol that serves as a security framework for Internet-based authentication and key exchange. It uses six packets when establishing IP Security (IPsec) connections.

 

ISECOM.   Institute for Security and Open Methodologies.   A nonprofit organisation that provides security-focused research, methodologies, standards, training, and professional certifications.

 

ISM.   Information Security Manual.   A document that provides a framework and a set of security guidelines to help organisations protect their IT networks, computer systems, and data from cyber threats.

 

ISMS.   Information Security Management System.   A set of policies, standards, and processes that help organisations protect the integrity, availability, and confidentiality of data from cyber threats by minimising risks, addressing vulnerabilities, and ensuring business continuity.

 

ISO.   International Organization for Standardization.   An independent, nongovernmental organisation that develops and establishes international standards for business, commercial, industrial, and technical applications. By advocating for universal standards, ISO helps facilitate world trade and knowledge sharing, setting common standards for virtually every sector including security, healthcare, manufacturing, agriculture, food safety, and electronics. ISO is composed of representatives from the national standards organisations of more than 160 member countries. Not technically an acronym, ISO derives from the Greek word isos, which means equivalent or equal.

 

ISP.   Internet Service Provider.   A company that provides internet connectivity and allied services such as web hosting, domain name registration, email, telephony, and cable television.

 

ISSAF.   Information Systems Security Assessment Framework.   A methodology for conducting a security penetration test where the ethical hacker simulates a hostile cyber attack that follows several standard steps including: information gathering, network mapping, vulnerability detection, penetration, access acquisition, privilege escalation, access maintainenance, and removal of intrusion evidence.

 

IT.   Information Technology.   The use of computers to create, modify, store, transmit, and access all types of data. It also refers to the field, study, or business sector that focuses on the many aspects of computing.

 

ITAM.   IT Asset Management.   The system and process of deploying, tracking, maintaining, upgrading, protecting, and disposing an organisation’s IT assets (such as hardware, software, networks, accounts, licenses, contracts, and data) for the purpose of optimising business value across each asset’s lifecycle. Sometimes interchanged with Data Centre Management (DCM).

 

ITIL.   Information Technology Infrastructure Library. A set of best practices that provides organisations with a business-oriented framework for conducting IT activities and delivering associated services.