I Flashcards
Identity and access management (IAM)
Encapsulates the people, processes and products used to identify and manage the identity data in an information system, authenticate users, and grant or deny access rights to data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.
Impact analysis
A study to prioritize the criticality of information resources for the enterprise based on the costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses are determined for different time periods. This assessment is used to justify the extent of safeguards that are required and the recovery time frames. This analysis is the basis for establishing the recovery strategy.
Incident response plan
Also called IRP. The operational component of incident management.
Incident response
The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people or its ability to function productively. An incident response may include evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment and any other measures necessary to bring an enterprise to a more stable status.
Incident
A violation or imminent threat of violation of computer security policies, acceptable use policies, guidelines or standard security practices.
Information security governance
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise’s resources are used responsibly.
Information security program
The overall combination of technical, operational and procedural measures and management structures implemented to provide for the confidentiality, integrity and availability of information, based on business requirements and risk analysis.
Information security
Ensures that, within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and being unavailable when required (availability). Information security deals with all formats of information.
Infrastructure as a Service (IaaS)
Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications.
Integrity
Guarding against improper information modification or destruction; includes ensuring information nonrepudiation and authenticity.
Internal controls
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented, or detected and corrected.
Internet service provider (ISP)
A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services.
Interruption window
The time that the company can wait from the point of failure to the restoration of the minimum and critical services or applications. After this time, the progressive losses caused by the interruption are excessive for the enterprise.
Intrusion detection system (IDS)
Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack; an IDS reports (alerts) but does not itself block the traffic.
Intrusion detection
The process of monitoring the events occurring in a computer system or network to detect signs of unauthorized access or attack.
Intrusion prevention system (IPS)
A system designed not only to detect attacks, but also to prevent the intended victim hosts from being affected by them, typically by sitting inline and dropping or blocking the offending traffic.
IP Security (IPSec)
A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets at the IP layer.
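The IDS and IPS entries above describe the two halves of the same pipeline: match events against suspicious patterns, then either alert (IDS) or act (IPS). The following added example, which is not part of the original flashcard set, shows a minimal host-based detector of both kinds over a constructed log. It uses a stateless signature match (a path-traversal string in a web request) and a stateful threshold (five failed SSH logins from one source within 60 seconds), and then derives an IPS-style block list from the alerts. The log lines, IP addresses, signatures and thresholds are all invented for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system): SSH auth events and
# web-server requests, interleaved the way a host sensor would read them.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd Failed password for root from 203.0.113.7 port 51122
2024-05-01T10:00:03 sshd Failed password for root from 203.0.113.7 port 51130
2024-05-01T10:00:04 sshd Failed password for admin from 203.0.113.7 port 51141
2024-05-01T10:00:06 sshd Failed password for root from 203.0.113.7 port 51150
2024-05-01T10:00:07 sshd Failed password for root from 203.0.113.7 port 51161
2024-05-01T10:00:09 sshd Accepted publickey for deploy from 198.51.100.4 port 40011
2024-05-01T10:00:10 httpd 198.51.100.9 "GET /index.html HTTP/1.1" 200
2024-05-01T10:00:12 httpd 198.51.100.9 "GET /../../etc/passwd HTTP/1.1" 404
2024-05-01T10:02:30 sshd Failed password for root from 192.0.2.55 port 60001
2024-05-01T10:09:00 sshd Failed password for root from 192.0.2.55 port 60002
"""

# Stateless signatures: a single line is enough to raise an alert.
# (Hypothetical rule set, far smaller than a real IDS rule base.)
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"(?i)union\s+select|'\s*or\s+1=1")),
]

# Stateful rule: repeated failed logins from one source inside a sliding window.
FAILED_LOGIN = re.compile(r"^(\S+) sshd Failed password for \S+ from (\S+)")


def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """IDS half: return a list of (rule_name, evidence) alerts, in log order."""
    alerts = []
    failures = defaultdict(list)   # source ip -> timestamps still inside the window
    already_alerted = set()        # raise the brute-force alert once per source

    for line in log_text.splitlines():
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                alerts.append((name, line))

        m = FAILED_LOGIN.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        src = m.group(2)
        recent = failures[src]
        recent.append(ts)
        # Slide the window: discard failures older than `window` before this one.
        while recent and ts - recent[0] > window:
            recent.pop(0)
        if len(recent) >= threshold and src not in already_alerted:
            already_alerted.add(src)
            alerts.append(("ssh-bruteforce", src))
    return alerts


def block_list(alerts):
    """IPS half: decide which sources an inline device would drop.

    Only the brute-force rule yields a source to block here; the signature
    alerts carry the raw line as evidence and are left for an analyst."""
    return sorted({evidence for rule, evidence in alerts if rule == "ssh-bruteforce"})


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for rule, evidence in found:
        print(f"ALERT {rule}: {evidence}")
    print("BLOCK", block_list(found))
```

Note the edge case the threshold rule handles: 192.0.2.55 also fails twice, but six minutes apart, so the sliding window never holds five entries and no alert fires; a naive total count per source would flag it. A production IPS additionally has to decide what to do with the signature hits (drop the connection, reset it, or only log), which is the "prevent" part that distinguishes it from an IDS.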
ISO/IEC 17799
A code of practice for information security management that describes the confidentiality, integrity and availability controls to be selected within an information security management system (ISMS). It was renumbered as ISO/IEC 27002 in 2007.
ISO/IEC 27001
The international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS); it is the standard against which an ISMS is certified.
IT governance
The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives.
IT steering committee
An executive-management-level committee that assists in the delivery of the IT strategy, oversees day-to-day management of IT service delivery and IT projects, and focuses on implementation aspects.
IT strategic plan
A long-term plan (i.e., three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals).
IT strategy committee
A committee at the level of the board of directors to ensure that the board is involved in major IT matters and decisions.