I Flashcards
Identity and access management (IAM)
Encapsulates people, processes and products to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.
Impact analysis
A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.
Incident response plan
Also called IRP. The operational component of incident management.
Incident response
The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people or its ability to function productively. An incident response may include evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment and any other measures necessary to bring an enterprise to a more stable status.
Incident
A violation or imminent threat of violation of computer security policies, acceptable use policies, guidelines or standard security practices.
Information security governance
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise’s resources are used responsibly.
Information security program
The overall combination of technical, operational and procedural measures and management structures implemented to provide for the confidentiality, integrity and availability of information based on business requirements and risk analysis.
Information security
Ensures that, within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and nonaccess when required (availability). Information security deals with all formats of information.
Infrastructure as a Service (IaaS)
Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications.
Integrity
The guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
Internal controls
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected.
Internet service provider (ISP)
A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services.
Interruption window
The time that the company can wait from the point of failure to the restoration of the minimum and critical services or applications. After this time, the progressive losses caused by the interruption are excessive for the enterprise.
Intrusion detection system (IDS)
Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack.
Intrusion detection
The process of monitoring the events occurring in a computer system or network to detect signs of unauthorized access or attack.