IaaS – acronym meaning infrastructure as a service. This is a form of cloud solution where, in place of owning and running a physical network with physical servers and other hardware, the customer is offered a solution that emulates the attributes of a physical network and server infrastructure. The cloud provider operates virtualization software to offer fast, easy, infrastructure scalability at a lower cost. Ultimately, this solution still runs on physical machines maintained by the cloud provider. The cloud provider achieves the lower cost by running a much higher automation rate and utilization of the physical hardware than customers can accomplish independently.
identity cloning — A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity. Identity cloning is often performed in order to hide the birth country or a criminal record of the attacker in order to obtain a job, credit or other secured financial instrument.
identity fraud — A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual. The fraud is due to the attacker impersonating someone else.
image steganography – to conceal information inside a picture (image file) so that the sender and/or recipient may not know that the message is present. Used within cyber attacks to help hide unauthorized or unwanted communications. For example, the Zeus malware used an image file to communicate command and control instructions to the malware as least significant bits within a landscape image file. The recipient would perceive only an image file but the malware would be able to read the concealed message. See also steganography and steganalysis.
IMINT – imagery intelligence – intelligence gathering discipline which collects information via satellite and aerial photography. IMINT is complemented by non-imaging MASINT electro-optical and radar sensors.
in-memory – any digital device can comprise more than one type of data storage. Information that is not in active use can be stored to a device such as a hard disk. Information that is being used (or imminently expected to be used) by the processor in a computer is managed through a more active storage area (the memory or active memory). When a digital device image is captured for digital forensic examination, it is usual to snapshot not only the static information on any hard disk (or equivalent) but also the active information (the information in memory).
incident – see security incident.
incident response – a prepared set of processes that should be triggered when any known or suspected event takes place that could cause material damage to an organization. The typical stages are: (i) verify the event is real and identify the affected areas; (ii) contain the problem (usually by isolating, disabling or disconnecting the affected pieces); (iii) understand and eradicate the root cause; (iv) restore the affected components in their fixed state; (v) review how the process went to identify improvements to the process. An incident response may also be required to trigger other response procedures, such as a breach notification procedure, if there is any information which has been lost that is subject to a notification requirement. For example, the loss of any personal information beyond what might be found in a phone book entry is usually considered a notifiable event.
indicators of compromise (IOC) – a term originally used in computer forensics to describe any observable behaviors and patterns (such as particular blocks of data, registry changes, IP address references) that strongly suggest a computer intrusion has taken place or is taking place. The collation of these patterns and behaviors is now actively used in advanced threat defense to help more rapidly identify potential security issues from across a monitored digital landscape.
infection – (in the context of cybersecurity) unwanted invasion by an outside agent that has intent to create damage or disruption.
information security policy — A written account of the security strategy and goals of an organization. A security policy is usually comprised of standards, policies (or SOPs – Standard Operating Procedures) and guidelines. All hardware, software, facilities and personnel must abide by the terms of the security policy of an organization. (Also known as security policy.)
inherent risk – the level of exposure to loss, or the impact something has before any mitigating controls are taken into consideration. For example, holding credit card data in a system brings an inherent risk to the system. See also residual risk.
insider threat — The likelihood or potential that an employee or another form of internal personnel may pose a risk to the stability or security of an organization. An insider has both physical access and logical access (through their network logon credentials). These are the two types of access that an outside attacker must first gain before launching malicious attacks whereas an insider already has both of these forms of access. Thus, an insider is potentially a bigger risk than an outsider if that insider goes rogue or is tricked into causing harm.
integrity – a value that can be assigned to a set of information to indicate how sensitive it is to data corruption (such as unauthorized modification) or data loss. Loss in this context is about losing information without the ability for anyone to recover it from the system it was entered into (it is not about theft). Often this value is expressed or translated into a scale of time. For example, data with the highest possible integrity rating could be given a value of ‘no data loss permitted’. If it was permitted to lose up to 4 hours of data that had been processed, the value would be ‘4 hours’. Usually if any data loss is permitted, it means that there will be other processes in place to address the loss of the electronic information. The integrity value assigned to any system or application is used to set the frequency that the information is subject to backup, or in very sensitive systems with no data loss permitted, establishes the need for a permanent secondary failover system.
Internet of Things (IoT) – the incorporation of electronics into everyday items sufficient to allow them to network (communicate) with other network capable devices. For example, to include electronics in a home thermostat so that it can be operated and share information over a network connection to a smartphone or other network capable devices.
internet protocol – is the set of rules used to send or receive information from or to a location on a network, including information about the source, destination and route. Each electronic location (host) has a unique address (the IP address) used to define the source and the destination.
Intrusion Detection Systems (IDS) – a computer program that monitors and inspects electronic communications that pass through it, with the purpose to detect, log (record) and raise alerts on any suspected malicious or otherwise unwanted streams of information. This is a variation from an intrusion detection and prevention system as it has no ability to block the activity, only to monitor, inspect and alert.
Intrusion Detection and Prevention Systems (IDPS) – a computer program that monitors and inspects electronic communications that pass through it, with the purpose and ability (i) to block and log (record key information) about any known malicious or otherwise unwanted streams of information and (ii) to log and raise alerts about any other traffic that is suspected (but not confirmed) to be of a similar nature. These are usually placed in the communication path to allow the prevention (dropping or blocking of packets) to occur. They can also clean some electronic data to remove any unwanted or undesirable packet components.
Intrusion Prevention Systems (IPS) – see intrusion detection and prevention systems. A small difference between an IPS and an IDPS is that an IPS may not collect any detection information and may only serve to block (prevent) unwanted traffic based on direct rules or instructions it receives.
IP address – see internet protocol.
ISAC/ISAO – Information Sharing and Analysis Centers – a nonprofit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and providing two-way sharing of information between the public and private sector.
ISP (Internet Service Provider) — The organization that provides connectivity to the Internet for individuals or companies. Some ISPs offer additional services above that of just connectivity such as e-mail, web hosting and domain registration.