Cybersecurity Terminology

IaC (Information Assurance Component) / (Infrastructure as Code)
- The process of managing and provisioning an organization’s IT infrastructure using machine-readable configuration files, rather than employing physical hardware configuration or interactive configuration tools.
ICT supply chain threat
- A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.
IDaaS (Identity as a Service)
- A cloud-based identity and access management (IAM) service offered by a third-party provider.
identity and access management
- The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
IDPS (Intrusion Detection and Prevention System)
- Software that automates the process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents.
IIoT
- The collection of sensors, instruments, and autonomous devices connected through the internet to industrial applications.
impersonation
- A type of targeted phishing attack in which a malicious actor pretends to be someone else or another entity to steal sensitive data.
incident
- An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
incident management
- The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.
incident response
- The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
incident response plan
- A set of predetermined and documented procedures to detect and respond to a cyber incident.
indicator
- An occurrence or sign that an incident may have occurred or may be in progress.
industrial control system
- An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.
information and communication(s) technology
- Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
information assurance
- The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
information assurance compliance
- In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
information security policy
- An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
information sharing
- An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
information system resilience
- The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.
information systems security operations
- In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Office
information technology
- Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
InfoSec (Information Security)
- The processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
inside(r) threat
- A person or group of persons within an organization who pose a potential risk through violating security policies.
integrated risk management
- The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.
integrity
- The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
intent
- A state of mind or desire to achieve an objective.
interoperability
- The ability of two or more systems or components to exchange information and to use the information that has been exchanged.
intrusion
- An unauthorized act of bypassing the security mechanisms of a network or information system.
intrusion detection
- The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
investigate
- A NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.
investigation
- A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.
IoA (Indicators of Attack)
- A clue that a malicious entity has gained, or is attempting to gain, unauthorized access to the network or assets connected to the network.
IoC (Indicators of Compromise)
- Clues and evidence of a data breach.
IPSec (Internet Protocol Security)
- A set of communication rules or protocols for setting up secure connections over a network.