Glossary · Nouns · I
L1 — paginated flat list. Pick a POS, pick a letter.
TermTypeDefinitionClassificationsUpdated
Information Assurance ProfessionalnounMWEIndividual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility.Role
Information Assurance Vulnerability AlertnounMWENotification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective action because of the severity of the vulnerability risk.VulnerabilityRegulatedCDI
Information DomainnounMWEA three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects.Framework
Information EnvironmentnounMWEAggregate of individuals, organizations, and/or systems that collect, process, or disseminate information, also included is the information itself.System
Information Flow ControlnounMWEProcedure to ensure that information transfers within an information system are not made in violation of the security policy.ControlRegulatedCUI
Information Input ComponentnounMWEOne of the three components of a model. This component delivers assumptions and data to the model.verified
Information ManagementnounMWEThe planning, budgeting, manipulating, and controlling of information throughout its life cycle.Process
Information MeasurenounMWEa system of measurement of information based on the probabilities of the events that convey informationverified
information neednounMWEInsight necessary to manage objectives, goals, risks and problems.RequirementRegulated
Information OperationsnounMWEThe integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making process, information, and information systems while protecting our own.CapabilityRegulatedCUI
Information OwnernounMWEOfficial with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. See Information Steward.Role
Information ProcessingnounMWEthe sciences concerned with gathering, manipulating, storing, retrieving, and classifying recorded informationverified
Information Processing SystemnounMWEAny operation or set of operations performed on personal data, whether or not by automated meansverified
Information ResourcesnounMWEInformation and related resources, such as personnel, equipment, funds, and information technology.DataRegulated
Information Resources ManagementnounMWEThe planning, budgeting, organizing, directing, training, controlling, and management activities associated with the burden, collection, creation, use, and dissemination of information by agencies.Process
Information ReturnnounMWEa return that provides information to the tax collector but does not compute the tax liabilityverified
Information SciencenounMWEthe sciences concerned with gathering, manipulating, storing, retrieving, and classifying recorded informationverified
Information SecuritynounMWEProtecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide— 1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; 2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and 3) availability, which means ensuring timely and reliable access to and use of information.Capability
Information Security ArchitectnounMWEIndividual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.Role
Information Security ArchitecturenounMWEAn embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.Framework
Information Security AwarenessnounMWEActivities which seek to focus an individual’s attention on an (information security) issue or set of issues.Process
Information Security Continuous MonitoringnounMWEMaintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. [Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.]Capability
Information Security Continuous Monitoring ProcessnounMWEA process to: • Define an ISCM strategy; • Establish an ISCM program; • Implement an ISCM program; • Analyze data and Report findings; • Respond to findings; and • Review and Update the ISCM strategy and program.ProcessRegulated
Information Security Continuous Monitoring ProgramnounMWEA program established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls.ProcessRegulated
information security controlnounMWEPractices and procedures established to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.Control
information security eventnounMWEIdentified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security relevant.EventRegulated
information security incidentnounMWEA single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.EventRegulated
information security policynounMWEThe rules and guidelines of an organization on how to ensure the confidentiality, integrity, and availability of the organization's information.Requirement
information security procedurenounMWEThe documented series of steps on how to establish and maintain the confidentiality, integrity, and availability of information.Requirement
information security processnounMWEThe activities associated with establishing and maintaining the confidentiality, integrity, and availability of data and information.Process
information security programnounMWEA documented approach for organizing and directing all activities undertaken to ensure the confidentiality, integrity, and availability of the information held by the organization.ProcessInternal
Information Security Program PlannounMWEFormal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.ArtifactRestrictedCUI
Information Security risknounMWEThe risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. See Risk.MetricRegulatedCUI
information security roles and responsibilitiesnounMWEThe position and collection of tasks, duties, obligations that participants undertake to perform the daily and all special tasks in the role of information security.Role
information security strategynounMWEA plan to mitigate risks while complying with legal, statutory, contractual, and internally developed requirements.RequirementInternal
information security threatnounMWEAny circumstance or event with the potential to adversely impact the measures taken so that information and information systems are protected from unauthorized access, use, disclosure, disruption, modification, or destruction.ThreatRegulated
information security trainingnounMWETraining strives to produce relevant and needed (information) security skills and competencies.Process
information sharingnounMWEThe requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs.Process
Information Sharing EnvironmentnounMWE1. An approach that facilitates the sharing of terrorism and homeland security information; or 2. ISE in its broader application enables those in a trusted partnership to share, discover, and access controlled information.SystemRegulatedCUI
information sharing forumnounMWEAn assembly in which participants share problems, solutions, updates, and data on topics relevant to its discourse.Capability
Information StewardnounMWEIndividual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of FISMA and any associated security-related federal policies, directives, regulations, standards, and guidance.RoleRegulated
Information SuperhighwaynounMWEan extensive electronic network (such as the internet) used for the rapid transfer of sound and video and graphics in digital formverified
Information SystemnounMWEA discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]System
information system componentnounMWEA discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.SystemRegulated
Information System Contingency PlannounMWEManagement policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters.ProcessRegulatedCUI
Information System Life CyclenounMWEThe phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction).Process
Information System OwnernounMWEOfficial responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.Role
Information System Owner or Program ManagernounMWEOfficial responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.Role
information system resiliencenounMWEThe ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.Capability
Information System Security OfficernounMWEIndividual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program.Role
Information System-Related Security RisksnounMWEInformation system-related security risks are those risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation.ThreatRegulated
Information Systems SecuritynounMWEProtection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.CapabilityRegulated
Information Systems Security EngineernounMWEIndividual assigned responsibility for conducting information system security engineering activities.Role
Information Systems Security EngineeringnounMWEProcess of capturing and refining information protection requirements to ensure their integration into information systems acquisition and information systems development through purposeful security design or configuration.Process
Information Systems Security Equipment ModificationnounMWEModification of any fielded hardware, firmware, software, or portion thereof, under NSA configuration control. There are three classes of modifications: mandatory (to include human safety); optional/special mission modifications; and repair actions. These classes apply to elements, subassemblies, equipment, systems, and software packages performing functions such as key generation, key distribution, message encryption, decryption, authentication, or those mechanisms necessary to satisfy security policy, labeling, identification, or accountability.ProcessRegulatedCUI
Information Systems Security ManagernounMWEIndividual responsible for the information assurance of a program, organization, system, or enclave.Role
Information Systems Security OfficernounMWEIndividual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program.Role
Information Systems Security OperationsnounMWEIn the NICE Workforce Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer).Capability
Information Systems Security ProductnounMWEItem (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security.Capability
information technologynounMWEAny equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which— 1) requires the use of such equipment; or 2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.System
Information Technology auditnounMWEAn examination of the controls within an Information technology (IT) infrastructure.ProcessRegulated
Information Technology controlnounMWERefers to the internal controls over security management, system development and change management, information processing, communications networks and management of technology service providers.ControlRegulated
Information Technology Management programnounMWEA documented listing of procedures, schedules, roles and responsibilities, and plans to manage Information Technology resources of an organization in accordance with its needs and priorities. These resources may include tangible investments like computer hardware, software, data, networks and data center facilities, as well as the staff who are hired to maintain them.ProcessInternal
Information Technology operationnounMWEThe activities and work involving Information Technology equipment and personnel.Process
Information Technology risknounMWEAny possibility of harm or damage related to Information Technology systems and data.Metric
information technology risk managementnounMWEInformation Technology risk management is the application of the principles of risk management to an Information Technology organization in order to manage the risks associated with the field. Information Technology risk management aims to manage the risks that come with the ownership, involvement, operation, influence, adoption and use of Information Technology as part of a larger enterprise. Information Technology risk management is a component of a larger enterprise risk management system. This encompasses not only the risks and negative effects of service and operations that can degrade organizational value, but it also takes the potential benefits of risky ventures into account.Process
Information Technology servicenounMWEA service provided to one or more customers by an Information Technology (IT) service provider. An IT service is based on the use of information technology and supports the customer’s business processes. An IT service is made up from a combination of people, processes, and technology and should be defined in a service level agreement.Capability
information technology suppliernounMWEInformation systems, components and services providers used for an organization’s internal purposes (e.g., IT infrastructure) or integrated into the products of services provided to that organization’s buyers.Organization
Information Technology systemnounMWEInformation technology systems are collectively the equipment used to create, store and transmit digital data and any related software owned (or otherwise controlled) and used by the State and its agencies to fulfill its service and obligations to the citizens of Arizona.SystemRegulated
Information TheorynounMWE(computer science) a statistical theory dealing with the limits and efficiency of information processingverified
Information TypenounMWEA specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation.RequirementRegulated
Information ValuenounMWEA qualitative measure of the importance of the information based upon factors such as: level of robustness of the Information Assurance controls allocated to the protection of information based upon: mission criticality, the sensitivity (e.g., classification and compartmentalization) of the information, releasability to other countries, perishability/longevity of the information (e.g., short life data versus long life intelligence source data), and potential impact of loss of confidentiality and integrity and/or availability of the information.Metric
Information WarfarenounMWEInformation Warfare is the competition between offensive and defensive players over information resources.Threat
Informative ReferencenounMWEA specific section of standards, guidelines, and practices common among critical infrastructure sectors that illustrates a method to achieve the outcomes associated with each Cybersecurity Subcategory. An example of an Informative Reference is ISO/IEC 27001 Control A.10.8.3, which supports the “Data-in-transit is protected” Subcategory of the “Data Security” Category in the “Protect” function.Artifact
Informed ConsentnounMWEconsent by a patient to undergo a medical or surgical treatment or to participate in an experiment after the patient understands the risks involvedverified
Informer's PrivilegenounMWEthe right of the government to refuse to reveal the identity of an informerverified
Informingnounto furnish incriminating evidence to an officer of the law (usually in return for favors)verified
Infraorbital ArterynounMWEan artery that originates from the maxillary artery and supplies structures below the orbit (from lower eyelid to upper lip)verified
Infrared EmissionnounMWEelectromagnetic radiation with wavelengths longer than visible light but shorter than radio wavesverified
Infrared LampnounMWEelectric heater consisting of a high-power incandescent lamp that emits infrared radiationverified
Infrared LightnounMWEelectromagnetic radiation with wavelengths longer than visible light but shorter than radio wavesverified
Infrared RadiationnounMWEelectromagnetic radiation with wavelengths longer than visible light but shorter than radio wavesverified
Infrared TherapynounMWEthe use of infrared radiation (as by infrared lamps or heating pads or hot water bottles) to relieve pain and increase circulation to a particular area of the bodyverified
InfrastructurenounDescribes what has been implemented by IT architecture and often include support facilities such as power, cooling, ventilation, server and data redundancy and resilience, and telecommunications lines. Specific architecture types may exist for the following: enterprise, data (information), technology, security, and application.System
Infrastructure as a ServicenounMWEOffers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applicationsCapability