I

ICA (Intermediate Certification Authority)

A Certification Authority that is subordinate to another CA, and has a CA subordinate to itself. [NIST 800 series]

IAIP (Information Assurance and Infrastructure Protection Directorate of the DHS)

An organization within the Department of Homeland Security. Note that the description that follows, and the link, are those of the National Security Agency's Information Assurance Directorate (IAD), a separate body: IAD's mission involves detecting, reporting, and responding to cyber threats; producing cryptographic systems to securely pass information between systems; and embedding IA measures directly into the emerging Global Information Grid. It includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions. It entails testing the security of customers' systems, providing OPSEC assistance, and evaluating commercial software and hardware against nationally set standards, to better meet the nation's IA needs. See also http://www.nsa.gov/ia/ for more information. [de facto]

IAM (Information Assurance Manager)

See information systems security manager. [US National Information Assurance (IA) Glossary]

IAO (Information Assurance Officer)

See information systems security officer. [US National Information Assurance (IA) Glossary]

IATO (Interim Approval To Operate)

Temporary authorization granted by a DAA (Designated Approving Authority) for an information system to process information based on preliminary results of a security evaluation of the system. [US National Information Assurance (IA) Glossary]

IATT (Interim Approval To Test)

Temporary authorization to test an information system in a specified operational information environment within the timeframe and under the conditions or constraints enumerated in the written authorization. [US National Information Assurance (IA) Glossary]

ICAEW (Institute of Chartered Accountants in England & Wales)

The Institute of Chartered Accountants in England & Wales is the largest professional accountancy body in Europe with over 128,000 members. The Institute was established by Royal Charter in 1880. It is now a key influencer on the international stage and the leading UK body of finance professionals offering world class qualifications. See also http://www.icaew.co.uk for more information. [de facto]

ICC (International Chamber of Commerce)

ICC (International Chamber of Commerce) is the voice of world business championing the global economy as a force for economic growth, job creation and prosperity. ICC activities cover a broad spectrum, from arbitration and dispute resolution to making the case for open trade and the market economy system, business self-regulation, fighting corruption, and combating commercial crime. See also http://www.iccwbo.org for more information. [de facto]

ICMB (ITIL Certification Management Board)

The body responsible for the maintenance and ongoing development of the ITIL qualification scheme. See also http://www.ITIL.co.uk/ICMB.htm for further information. [ITIL]

ICMP (Internet Control Message Protocol)

An extension to the Internet Protocol (IP) that carries error, control and informational messages. A set of message types that allow systems to communicate information about the state of hosts, paths and services on other systems. It is used, for example, in determining whether systems are up (echo request/reply), the maximum packet size on a path (destination unreachable, fragmentation needed, which drives path MTU discovery), or whether a destination host, network or port is available (destination unreachable codes). Attackers use the same messages to map a remote site (ping sweeps, traceroute, fingerprinting from error responses), which is why perimeter filters commonly rate-limit or drop selected ICMP types rather than all of ICMP; dropping fragmentation-needed messages breaks path MTU discovery. [ISACA]
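As an added illustration of the message formats referred to above (this is example code written for this entry, not part of the ISACA definition), the following builds and decodes ICMP messages with the standard library only. The checksum is the RFC 1071 ones'-complement sum used by ICMP; the type and code constants are from the protocol, and the sample IP header bytes in the usage note are constructed.

```python
import struct

# ICMP message types and "destination unreachable" codes from the protocol.
ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11

DEST_UNREACH_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over header plus payload."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an echo request (type 8, code 0) with a valid checksum."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def build_dest_unreachable(code: int, quoted_datagram: bytes, next_hop_mtu: int = 0) -> bytes:
    """Serialise a type 3 message; the body quotes the offending IP header + 8 bytes."""
    header = struct.pack("!BBHHH", ICMP_DEST_UNREACH, code, 0, 0, next_hop_mtu)
    csum = icmp_checksum(header + quoted_datagram)
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, code, csum, 0, next_hop_mtu) + quoted_datagram


def parse_icmp(packet: bytes) -> dict:
    """Decode type/code, verify the checksum and say what the message means."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    msg_type, code, _csum = struct.unpack("!BBH", packet[:4])
    # Summing a correctly checksummed message (checksum field included) gives 0.
    info = {"type": msg_type, "code": code, "checksum_ok": icmp_checksum(packet) == 0}
    if msg_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", packet[4:8])
        info["payload"] = packet[8:]
        info["meaning"] = "echo request" if msg_type == ICMP_ECHO_REQUEST else "echo reply"
    elif msg_type == ICMP_DEST_UNREACH:
        info["meaning"] = DEST_UNREACH_CODES.get(code, "destination unreachable (code %d)" % code)
        if code == 4:
            # Path MTU discovery: the router reports its next-hop MTU in bytes 6-7.
            info["next_hop_mtu"] = struct.unpack("!H", packet[6:8])[0]
        info["quoted_datagram"] = packet[8:]
    elif msg_type == ICMP_TIME_EXCEEDED:
        info["meaning"] = "time exceeded (what traceroute listens for)"
    else:
        info["meaning"] = "type %d" % msg_type
    return info


if __name__ == "__main__":
    probe = build_echo_request(0x1234, 1, b"abcdefgh")
    print(parse_icmp(probe))
    # constructed stand-in for the quoted IP header + 8 bytes of the original datagram
    print(parse_icmp(build_dest_unreachable(3, b"\x45\x00" * 14)))
```

A receiver that fails the checksum_ok test should discard the message; a filter that wants to keep path MTU discovery working must let type 3 code 4 through while it drops or rate-limits echo requests.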

ICR (Intelligent Character Recognition)

The conversion of scanned images (bar codes or patterns of bits) to computer-recognizable codes (ASCII characters and files) by means of software that defines the rules and algorithms for conversion. This is an advanced form of Optical Character Recognition technology that may include capabilities such as learning fonts during processing, using context to strengthen the probability of correct recognition, or recognizing hand-printed characters. [AIIM, Sedona Conference]

ID (Identity)

Information that is unique within a security domain and which is recognized as denoting a particular organization, system, asset, or person within that domain. Since the legal names of persons are not necessarily unique, the identity of a person must include sufficient additional information to make the complete name unique. [NIST 800 series, ISO/IEC 27001:2005, PCI-DSS, FIPS Pubs]

IDE (Integrated Drive Electronics)

An engineering standard for interfacing PCs and hard disks. [Sedona Conference]

IDF (Intermediate Distribution Frame)

Also known as a wiring closet: the room housing the metal racks on which telecommunications cables are terminated and cross-connected. The IDF consists of the IT assets that provide the connection between inter-building cabling and intra-building cabling, i.e., between the MDF and the local cabling runs out to devices. [Network Frontiers]

IDS (Intrusion Detection System)

Methods to track system activities to determine if current actions are consistent with the established policies and to identify to system administrators inconsistencies that may signal unauthorized access. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. [ISACA, Centers for Medicare & Medicaid Services (CMS), PCI-DSS, NIST 800 Series]

IEEE (Institute of Electrical and Electronics Engineers)

Pronounced I-triple-E, IEEE is an organization composed of engineers, scientists, and students. The IEEE is best known for developing standards for the computer and electronics industry. See also http://www.ieee.org/portal/site for more information. [ISACA, Sedona Conference]

IETF (Internet Engineering Task Force)

The Internet standards setting organization with international affiliates from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet. See also http://www.ietf.org for more information. [ISACA, PCI-DSS]

IFAC (International Federation of Accountants)

IFAC is the global organization for the accountancy profession. It works with its 163 member organizations in 120 countries to protect the public interest by encouraging high quality practices by the world's accountants. IFAC members represent 2.5 million accountants employed in public practice, industry and commerce, government, and academe. Its structure and governance provide for the representation of its diverse constituencies and interaction with external groups that rely on or influence the work of accountants. See also http://www.ifac.org for more information. [de facto]

IG (Inspector General)

[GAO/PCIE Financial Audit Manual]

IIA (Institute of Internal Auditors)

Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association of more than 117,000 members with global headquarters in Altamonte Springs, Fla., United States. Throughout the world, the IIA is recognized as the internal audit profession’s leader in certification, education, research, and technological guidance. See also http://www.theiia.org for more information. [de facto]

IIOP (Internet Inter-ORB Protocol)

A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules or program parts, such as tables, arrays, and more complex program sub-elements, are referred to as objects. Use of IIOP in this process enables browsers and servers to exchange both simple and complex objects, including remote method invocations on them. This differs from HTTP, which transfers resources as opaque request and response bodies and has no notion of objects or method calls. [ISACA]

ILM (Information Lifecycle Management)

[Sedona Conference]

IM (Instant Messaging)

A form of electronic communication involving immediate correspondence between two or more online users. Peer-to-peer IM communications may not be stored on servers after receipt; logging of peer-to-peer IM messages is typically done on the client computer, and may be optionally enabled or disabled on each client. [de facto, Sedona Conference]

IMS (Information Management System)

A general purpose system that allows users to access a database remotely. [FISCAM]

IO (Information Operations)

Actions taken to affect adversary information and information systems while defending one’s own information and information systems. [US National Information Assurance (IA) Glossary]

IP (Internet Protocol)

Specifies the format of packets and the addressing scheme. The standard protocol for transmission of data from source to destination in packet-switched communications networks and interconnected systems of such networks. [ISACA, Workgroup for Electronic Data Interchange, US National Information Assurance (IA) Glossary, PCI-DSS]

IP (Intellectual Property)

Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation. [ISACA, NIST 800 Series]

IPAC (Intragovernmental Payment and Collection System)

The primary method used by most federal agencies to electronically bill and/or pay for services and supplies within the government. Used to communicate to the Treasury and the trading partner agency that the online billing and/or payment for services and supplies has occurred. [GAO/PCIE Financial Audit Manual]

IPC (Image Processing Card)

A board mounted in the computer, scanner or printer that facilitates the acquisition and display of images. The primary function of most IPCs is the rapid compression and decompression of image files. [Sedona Conference]

IPF (Information Processing Facility)

See computer room, data center facility. [ISACA]

IPL (Initial Program Load)

A program that brings another program, often the operating system, into operation to run the computer. Also referred to as a bootstrap or boot program. [FISCAM, ISACA, Centers for Medicare & Medicaid Services (CMS)]

IPS (Intrusion Prevention System)

Building on the detection logic of an IDS, an intrusion prevention system is an in-line device: network traffic flows through it rather than past it. Unlike an IDS, which only alerts, an IPS is able to block traffic that appears to be an intrusion, which also means a false positive now drops legitimate traffic and a failure of the device can take the path down unless it fails open. [Network Frontiers, PCI-DSS, NIST 800 Series]
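The IDS entry above and this IPS entry describe the same inspection logic deployed in two positions. The following is an added example, not code from the glossary or from any named product, that makes the difference concrete: one Detector that only returns alerts (the IDS role) and an InlineFilter that runs the same detector on the forwarding path and returns a pass/drop verdict (the IPS role). The packet records, the thresholds and the two payload signatures are all constructed for the example.

```python
from collections import defaultdict

# Threshold rule: this many distinct destination ports from one source
# inside the window is treated as a port scan.
SCAN_PORT_THRESHOLD = 5
SCAN_WINDOW_SECONDS = 10

# Content signatures (constructed): a match fires regardless of rate.
PAYLOAD_SIGNATURES = {
    b"/etc/passwd": "path traversal attempt",
    b"' OR 1=1": "SQL injection probe",
}


class Detector:
    """IDS role: inspects a copy of the traffic and reports; never modifies it."""

    def __init__(self):
        self._ports_seen = defaultdict(list)   # src -> [(timestamp, dport), ...]

    def inspect(self, pkt: dict) -> list:
        alerts = []
        for needle, name in PAYLOAD_SIGNATURES.items():
            if needle in pkt["payload"]:
                alerts.append("%s from %s" % (name, pkt["src"]))
        hist = self._ports_seen[pkt["src"]]
        hist.append((pkt["ts"], pkt["dport"]))
        cutoff = pkt["ts"] - SCAN_WINDOW_SECONDS
        hist[:] = [(t, p) for t, p in hist if t >= cutoff]   # sliding window
        distinct = {p for _, p in hist}
        if len(distinct) >= SCAN_PORT_THRESHOLD:
            alerts.append("port scan from %s (%d ports in %ds)"
                          % (pkt["src"], len(distinct), SCAN_WINDOW_SECONDS))
        return alerts


class InlineFilter:
    """IPS role: same detector, but it sits in the path and decides pass or drop."""

    def __init__(self, detector: Detector, block_on=("port scan", "SQL injection")):
        self.detector = detector
        self.block_on = block_on
        self.blocked = set()

    def forward(self, pkt: dict):
        if pkt["src"] in self.blocked:
            return "drop", ["blocked source %s" % pkt["src"]]
        alerts = self.detector.inspect(pkt)
        if any(a.startswith(prefix) for a in alerts for prefix in self.block_on):
            self.blocked.add(pkt["src"])     # block the source, not just this packet
            return "drop", alerts
        return "pass", alerts


def run_ids(packets: list) -> list:
    """Passive deployment: every packet passes, alerts are collected."""
    d = Detector()
    return [a for pkt in packets for a in d.inspect(pkt)]


def run_ips(packets: list) -> list:
    """In-line deployment: returns the verdict for each packet in order."""
    f = InlineFilter(Detector())
    return [f.forward(pkt)[0] for pkt in packets]


# Constructed traffic: 10.0.0.5 walks six ports, 10.0.0.9 sends one normal
# request and then an injection probe.
SAMPLE = [
    {"ts": 1, "src": "10.0.0.5", "dport": 21,  "payload": b""},
    {"ts": 2, "src": "10.0.0.5", "dport": 22,  "payload": b""},
    {"ts": 3, "src": "10.0.0.5", "dport": 23,  "payload": b""},
    {"ts": 4, "src": "10.0.0.5", "dport": 25,  "payload": b""},
    {"ts": 5, "src": "10.0.0.9", "dport": 80,  "payload": b"GET / HTTP/1.1"},
    {"ts": 6, "src": "10.0.0.5", "dport": 80,  "payload": b""},
    {"ts": 7, "src": "10.0.0.5", "dport": 443, "payload": b""},
    {"ts": 8, "src": "10.0.0.9", "dport": 80,  "payload": b"GET /?id=' OR 1=1 HTTP/1.1"},
]

if __name__ == "__main__":
    for alert in run_ids(SAMPLE):
        print("IDS alert:", alert)
    print("IPS verdicts:", run_ips(SAMPLE))
```

The IDS run reports the scan (twice, once per packet past the threshold) and the injection probe but delivers all eight packets; the IPS run delivers the first five and drops the rest, including the scanner's later packet before it is even inspected. Tuning SCAN_PORT_THRESHOLD too low is exactly the false-positive-becomes-outage problem noted in the entry.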

IPsec (Internet Protocol security)

An Internet Engineering Task Force (IETF) standard, not an IEEE one: the original architecture was published as Request For Comments (RFC) 2401, with RFC 2411 serving as the roadmap to the set of IPsec documents, and has since been superseded by RFC 4301. IPsec provides security capabilities (origin authentication, integrity and confidentiality, through the AH and ESP protocols) at the Internet Protocol (IP) layer of communications. IPsec's key management protocol is used to negotiate the secret keys that protect Virtual Private Network (VPN) communications, and the level and type of security protections that will characterize the VPN. The most widely used key management protocol is the Internet Key Exchange (IKE) protocol, today normally IKEv2. [Network Frontiers, ISACA, PCI-DSS, NIST 800 series]

IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange)

A networking protocol used by the Novell NetWare operating systems. Like UDP, IPX is a datagram protocol used for connectionless communications. IPX and SPX are derived from Xerox Network Services' IDP and SPP protocols. SPX is a transport layer protocol (layer 4 of the OSI Model) used in Novell NetWare networks. The SPX layer sits on top of the IPX layer (layer 3, the network layer) and provides connection-oriented services between two nodes on the network. SPX is used primarily by client/server applications. Together IPX and SPX provide services similar to TCP/IP, with IPX having similarities to IP and SPX having similarities to TCP. [Sedona Conference, Wikipedia]

IS (Information system)

Organized collections of hardware, software, supplies, policies, procedures and people, which store, process and provide access to information. The entire infrastructure, organization, personnel, and components for the collection, processing, storage, transmission, display, dissemination, and disposition of information. See also computer systems. [NIST 800 series, DIRKS, Centers for Medicare & Medicaid Services (CMS), ISO/IEC 27001:2005, FIPS Pubs, US National Information Assurance (IA) Glossary, PCI-DSS, Sedona Conference]

IS (Information Services)

[GAO/PCIE Financial Audit Manual, Centers for Medicare & Medicaid Services (CMS), ISACA]

ISA (Internet Security Alliance)

The Internet Security Alliance was created to provide a forum for information sharing and leadership on information security issues. It represents industry's interests to legislators and regulators and aims to identify and standardize best practices in Internet security and network survivability while creating a collaborative environment to develop and implement information security solutions. The alliance is a collaborative effort between Carnegie Mellon's Software Engineering Institute (SEI), its CERT Coordination Center (CERT/CC), and the Electronic Industries Alliance (EIA), a federation of trade associations. See also http://www.sei.cmu.edu for more information. [de facto]

ISA (Interconnection Security Agreement)

Written management authorization to interconnect information systems based upon acceptance of risk and implementation of established controls. [US National Information Assurance (IA) Glossary, NIST 800 Series]

ISA (Industry Standard Architecture)

[Sedona Conference]

ISACA (Information Systems Audit and Control Association)

The Information Systems Audit and Control Association (ISACA) is a worldwide organization which provides up-to-date information for professionals in the converging disciplines of auditing, data processing, accounting, data security, and quality assurance. See also http://www.isaca.org for more information. [de facto]

ISAM (Indexed Sequential Access Method)

A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability. [ISACA]

ISC2 (International Information System Security Certification Consortium)

The International Information Systems Security Certification Consortium, or ISC2, is internationally recognized for educating and certifying information security professionals throughout their careers. Its certification programs include the CISSP and its concentrations such as the ISSAP and ISSMP, among others. For more information see https://www.isc2.org. [Generally Accepted Information Security Principles, de facto]

ISDN (Integrated Services Digital Network)

A public end-to-end digital telecommunications network with signaling, switching, and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of digital voice, video, and data over 64 Kbps channels. [ISACA, Sedona Conference]

ISEB (Information Systems Examination Board)

The British Computer Society's Information Systems Examination Board is accredited by the ICMB as an examination board. See also http://www.bcs.org/bcs/products/qualifications/iseb for more information. [ITIL]

ISF (Information Security Forum)

The Information Security Forum (ISF) describes itself as the world's leading independent authority on information security. By harnessing its expertise and the collective knowledge and experience of its members, which include 50% of Fortune 100 companies, the ISF delivers practical guidance and solutions to wide-ranging security challenges affecting business information. See also http://www.securityforum.org for more information. [de facto]

ISMS (Information Security Management System)

An information security management system (ISMS) is a system of management concerned with information security. It is that part of the overall management system, based on a business risk approach, used to establish, implement, operate, monitor, review, maintain and improve information security. The design and implementation of an organization's ISMS is influenced by its needs and objectives, security requirements, the processes employed and the size and structure of the organization. These and their supporting systems are expected to change over time. An ISMS implementation is expected to be scaled in accordance with the needs of the organization, e.g., a simple situation requires a simple ISMS solution. [ISO/IEC 27001:2005]

ISO (International Organization for Standardization)

The International Organization for Standardization (ISO) is the world’s largest developer of standards. ISO is a non-governmental organization which is a network of the national standards institutes of 156 countries. Further information about ISO is available from http://www.ISO.org/. [ITIL, CobiT, AICPA, Centers for Medicare & Medicaid Services (CMS), PCI-DSS, Sedona Conference]

ISP (Internet Service Provider)

A third party that provides organizations with a variety of Internet and Internet-related services. ISPs may be a source of evidence through files (such as ISP e-mail) stored on ISP servers. See also Application Service Provider, Managed Service Provider. [ISACA, ITIL, Sedona Conference]

ISSA (Information Systems Security Association)

ISSA is a not-for-profit international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. See also http://www.issa.org for more information. [de facto]

ISSE (Information System Security Engineering)

Information Systems Security Engineering (ISSE) is the art and science of discovering users' information protection needs and then designing and making information systems to safely resist the forces to which they may be subjected. ISSE should be an integral part of systems engineering and should support certification and accreditation processes, such as the Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP). The ISSE process comprises the following eight activities: 1) discover information protection needs, 2) define system security requirements, 3) design system security architecture, 4) develop detailed security design, 5) implement system security, 6) assess information protection effectiveness, 7) plan technical effort, and 8) manage technical effort. [US National Information Assurance (IA) Glossary]

ISSM (Information Systems Security Manager)

Individual responsible for a program, organization, system, or enclave’s information assurance program. [US National Information Assurance (IA) Glossary]

ISSO (Information Systems Security Officer)

The person responsible for ensuring the security of an information system throughout its life cycle, from design through disposal. The Information Systems Security Officer is responsible for assessing the business risks and setting the information security policy. This role is the counterpart of the Information Systems Security Manager and resides in the customer organization; the two work closely together. It is roughly equivalent to the Chief Information Security Officer or Senior Agency Information Security Officer. See also security officer. [NIST 800 series, Centers for Medicare & Medicaid Services (CMS), ITIL, US National Information Assurance (IA) Glossary]

IT (Information Technology)

Processing information by computer. IT, or Information Technology, has probably been the most redefined term of the past few years; its definition has ranged from simple automation of manual processes using microprocessors, to computers, to networks, to desktop publishing. FIPS 200 provides a much more in-depth definition: information technology is any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which: 1) requires the use of such equipment; or 2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. [Centers for Medicare & Medicaid Services (CMS), CobiT, NIST 800 series, FIPS Pubs, ITIL, Sedona Conference]

ITAMM (IT Availability Metrics Model)

A model that helps to ensure all aspects of availability are considered when defining availability metrics and reports. [ITIL]

ITCI (IT Compliance Institute)

The IT Compliance Institute (ITCi) strives to be a global authority on the role of technology in business governance and regulatory compliance. Through comprehensive education, research, and analysis related to emerging government statutes and affected business and technology practices, they help organizations overcome the challenges posed by today’s regulatory environment and find new ways to turn compliance efforts into capital opportunities. See also http://www.itcinstitute.com for more information. [de facto]

ITF (Integrated Test Facilities)

Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing. See also integration testing. [ISACA]

ITIL (IT Infrastructure Library)

The UK Office of Government Commerce (OGC) IT Infrastructure Library. A set of guides on the management and provision of operational IT services. A set of best practice guidance for IT service management. ITIL is owned by the OGC and is developed in conjunction with the ITSMF. ITIL consists of a series of publications giving guidance on the provision of quality IT services, and on the processes and facilities needed to support them. See also http://www.ogc.gov.uk/index.asp?id=2261 for more information. [CobiT, ITIL]

ITL (Information Technology Laboratory)

[NIST 800 series]

ITSCM (IT Service Continuity Management)

The process responsible for managing risks that could seriously impact IT services. ITSCM ensures that the IT service provider can always provide minimum agreed service levels, by reducing the risk to an acceptable level and planning for the recovery of IT services. ITSCM should be designed to support business continuity management and should be a part of the systems continuity plan. [ITIL, Network Frontiers]

ITSM (IT Service Management)

The implementation and management of quality IT services that meet the needs of the business. IT service management is performed by IT service providers through an appropriate mix of people, process, and information technology. [ITIL]

ITSMF (IT Service Management Forum)

The IT service management forum is an independent organization dedicated to promoting a professional approach to IT service management. The ITSMF is a not-for-profit membership organization with representation in many countries around the world (ITSMF chapters). The ITSMF and its membership contribute to the development of ITIL and associated IT service management standards. See also http://www.itsmf.com/ for more information. [ITIL]

ITU (International Telecommunication Union)

An international organization under the UN headquartered in Geneva concerned with telecommunications that develops international data communications standards; known as CCITT prior to March 1, 1993. See also http://www.itu.int. [Sedona Conference]

IV (Initialization Vector)

A vector used in defining the starting point of an encryption process within a cryptographic algorithm. The IV is not secret and is normally transmitted with the ciphertext, but its other properties are essential: for CBC mode it must be unpredictable, and for counter-based modes such as CTR and GCM it must never repeat under the same key, since two messages encrypted with the same key and IV let an attacker XOR the ciphertexts and cancel the keystream. [NIST 800 series, FIPS Pubs]
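The following added example (written for this entry; it is not code from the glossary or from any cited standard) shows the IV as the starting point of a counter-mode keystream and what IV reuse costs. To stay within the Python standard library the keystream is derived as HMAC-SHA256(key, IV || counter) rather than with a block cipher; a real system would use AES in CTR or GCM mode from a vetted library, but the role of the IV and the consequence of reusing it are identical. The key and plaintexts are constructed.

```python
import hashlib
import hmac
import os

IV_LEN = 16


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = PRF(key, IV || i). The IV fixes where it starts."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def new_iv() -> bytes:
    """Fresh random IV; the caller must never reuse one under the same key."""
    return os.urandom(IV_LEN)


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || ciphertext. The IV is public; it only has to be unique per key."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be %d bytes" % IV_LEN)
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return xor(ct, keystream(key, iv, len(ct)))


def keystream_cancels(blob1: bytes, blob2: bytes):
    """With a shared IV, c1 XOR c2 == p1 XOR p2 because the keystream drops out.
    Returns that XOR, or None when the IVs differ and no such shortcut exists."""
    if blob1[:IV_LEN] != blob2[:IV_LEN]:
        return None
    return xor(blob1[IV_LEN:], blob2[IV_LEN:])


def recover_with_known_plaintext(blob1: bytes, blob2: bytes, known_p1: bytes):
    """Attacker's view: knowing p1 and observing IV reuse yields p2 without the key."""
    leak = keystream_cancels(blob1, blob2)
    return None if leak is None else xor(leak, known_p1)


if __name__ == "__main__":
    key = b"\x42" * 32                         # constructed key
    p1 = b"transfer 100 USD to account 7"
    p2 = b"transfer 900 USD to account 9"
    good = encrypt(key, new_iv(), p1)
    print(decrypt(key, good) == p1)            # True: fresh IV, round trip works
    reused = b"\x01" * IV_LEN                  # the mistake: a fixed IV
    c1, c2 = encrypt(key, reused, p1), encrypt(key, reused, p2)
    print(recover_with_known_plaintext(c1, c2, p1))   # prints p2, no key needed
```

The recovery works for any stream or counter mode, which is why GCM with a repeated 96-bit nonce is a complete break and why IVs for such modes are generated from a counter or a CSPRNG and never from a constant or a low-entropy source.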

IVR (Interactive voice response)

A form of automatic call distribution that accepts user input, such as key presses and spoken commands, to identify the correct destination for incoming calls. [ITIL]


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.