
Glossary


IA Architecture (NIST)

A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.

SOURCE: CNSSI-4009

IA Infrastructure (NIST)

The underlying security framework that lies beyond an enterprise’s defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan.

SOURCE: CNSSI-4009

IA Product (NIST)

Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks.

SOURCE: CNSSI-4009

Identification (NIST)

The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.

SOURCE: SP 800-47

The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items.

SOURCE:  FIPS 201

An act or process that presents an identifier to a system so that the system can recognize a system entity (e.g., user, process, or device) and distinguish that entity from all others.

SOURCE: CNSSI-4009

Identifier (NIST)

Unique data used to represent a person’s identity and associated attributes.  A name or a card number are examples of identifiers.

SOURCE:  FIPS 201

A data object - often, a printable, non-blank character string - that definitively represents a specific identity of a system entity, distinguishing that identity from all others.

SOURCE: CNSSI-4009

IDENTIFY (FUNCTION) (NIST)

Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

SOURCE: NIST CYBERSECURITY FRAMEWORK

Identity (NIST)

A set of attributes that uniquely describe a person within a given context.

SOURCE:  SP 800-63

The set of physical and behavioral characteristics by which an individual is uniquely recognizable.

SOURCE:  FIPS 201

The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.

SOURCE: CNSSI-4009

Identity Binding (NIST)

Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.

SOURCE:  FIPS 201

Identity Proofing (NIST)

The process by which a Credentials Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person. 

SOURCE: SP 800-63

The process of providing sufficient information (e.g., identity history, credentials, documents) to a Personal Identity Verification Registrar when attempting to establish an identity.

SOURCE:  FIPS 201

Identity Registration (NIST)

The process of making a person’s identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.

SOURCE:  FIPS 201;  CNSSI-4009

Identity Token (NIST)

Smart card, metal key, or other physical object used to authenticate identity.

SOURCE: CNSSI-4009

Identity Validation (NIST)

Tests enabling an information system to authenticate users or resources.

SOURCE: CNSSI-4009

Identity Verification (NIST)

The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed.

SOURCE:  FIPS 201; SP 800-79

Identity-Based Access Control (NIST)

Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity.

SOURCE: SP 800-53; CNSSI-4009

Identity-Based Security Policy (NIST)

A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access.

SOURCE: SP 800-33

IIC

Infrastructure Investment Charges – A component of the monthly seat charge that is used to fund projects for a converged data, voice and video statewide network. The projects upgrade statewide networks and supporting technologies, consolidate disparate agency networks, consolidate business and operational processes, improve measurable service levels, provide improved protection of the network from current and emerging security threats, and assist in a statewide network business continuity and disaster recovery program.

Impact (NIST)

The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.

SOURCE:  SP 800-60

Impact Level (NIST)

The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.

SOURCE: CNSSI-4009

High, Moderate, or Low security categories of an information system established in FIPS 199 which classify the intensity of a potential impact that may occur if the information system is jeopardized.

SOURCE:  SP 800-34

Inadvertent Disclosure (NIST)

Type of incident involving accidental exposure of information to an individual not authorized access.

SOURCE: CNSSI-4009

Incident (ITIL)

An unplanned interruption to an IT service, or a reduction in the quality of an IT service. Failure of a configuration item that has not yet impacted service is also an incident.

SOURCE: ITIL V3 SERVICE OPERATION 7.2.2

Incident (NIST)

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

SOURCE: SP 800-61

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

SOURCE:  FIPS 200; SP 800-53

An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

SOURCE: CNSSI-4009

Incident Handling (NIST)

The mitigation of violations of security policies and recommended practices.

SOURCE:  SP 800-61

Incident Response Plan (IRP) (NIST)

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber attacks against an organization’s information system(s).

SOURCE:  SP 800-34

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of an incident against an organization’s IT system(s).

SOURCE: CNSSI-4009

Independent Validation Authority – (IVA) (NIST)

Entity that reviews the soundness of independent tests and system compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the Authorizing Official as needed.

SOURCE: CNSSI-4009

Independent Verification & Validation (IV&V) (NIST)

A comprehensive review, analysis, and testing (software and/or hardware) performed by an objective third party to confirm (i.e., verify) that the requirements are correctly defined, and to confirm (i.e., validate) that the system correctly implements the required functionality and security requirements.

SOURCE: CNSSI-4009

Indicator (NIST)

Recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.

SOURCE: CNSSI-4009

A sign that an incident may have occurred or may be currently occurring.

SOURCE:  SP 800-61

Indicator of Compromise (IOC)

A forensic artifact or remnant of an intrusion that can be identified on a host or network.

SOURCE: RSA, DIVISION OF EMC

Informal Security Policy (NIST)

Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design.

SOURCE: CNSSI-4009

Information (NIST)

An instance of an information type.

SOURCE:  FIPS 200; FIPS 199; SP 800-60; SP 800-53; SP 800-37

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

SOURCE: CNSSI-4009

INFORMATION ARCHITECTURE

In its broadest definition, a discipline, process, and/or program focusing on the design and organization of data, unstructured information, and documents. In the context of Enterprise Architecture, it is a synonym for Data Architecture, which is one of the four Enterprise Architectures (with Application Architecture, Business Architecture, and System Architecture). In the context of designing documents and web pages, it is the structuring of large sets of information, as opposed to the development of the content of any content unit within the larger set.

SOURCE: Data Governance Institute

Information Asset

Includes all data, information and intellectual property.

Information Assurance (IA) (NIST)

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.  These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

SOURCE:  SP 800-59; CNSSI-4009

Information at Rest

Digital data stored on media.

Information classification label

A designation indicating the information classification, e.g., “Public”, “Standard”, “High”.

Information Custodians

Maintain or administer information resources on behalf of the Information Owner. Custodianship includes responsibility for accessing, managing, maintaining, preserving, disposing and providing security for the information resource. In contrast, information custody means having physical possession of information without necessarily having responsibility for the information.

Information Domain (NIST)

A three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects.

SOURCE: CNSSI-4009

Information Environment (NIST)

Aggregate of individuals, organizations, and/or systems that collect, process, or disseminate information, also included is the information itself.

SOURCE: CNSSI-4009

Information labeling

Affixing a physical or electronic label identifying the security category of a document, file or records series in order to alert those who handle it that it requires protection at the applicable level.

Information Management

The planning, budgeting, manipulating, and controlling of information throughout its life cycle.

SOURCE: CNSSI-4009

Information Models

Information models, also referred to as "meta-metadata," are components of data warehouse technology and typically document the following in a repository:

  1. The business process driving the need for the data warehouse
  2. The data elements involved (and the associated metadata)
  3. Relationships between data elements
  4. The flow of data into and out of the data warehouse, including the detailed processes that occur to input or output data in the data warehouse
  5. Business events affecting the data warehouse
  6. Security requirements

Information Owner (NIST)

Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.  See Information Steward.

SOURCE:  FIPS 200; SP 800-37; SP 800-53; SP 800-60; SP 800-18; CNSSI-4009

Information processing facilities

The physical location housing any information processing system, service or infrastructure; this includes storage facilities for equipment not yet deployed or awaiting disposal.

Information Resources (NIST)

Information and related resources, such as personnel, equipment, funds, and information technology.

SOURCE:  FIPS 200; FIPS 199; SP 800-53; SP 800-18; SP 800-60; 44 U.S.C., Sec. 3502; CNSSI-4009

Information Security (NIST)

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

SOURCE:  SP 800-37; SP 800-53; SP 800-53A; SP 800-18; SP 800-60; CNSSI-4009; FIPS 200; FIPS 199; 44 U.S.C., Sec. 3542

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:

1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;

2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and

3) availability, which means ensuring timely and reliable access to and use of information.

SOURCE:  SP 800-66; 44 U.S.C., Sec 3541

Information security activities

Management and technology programs to protect government information assets.

Information Security Architecture (NIST)

An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.

SOURCE:  SP 800-39

Information Security Classification

A system of designating security categories for information based on the impact to the business mission from loss of information confidentiality, integrity or availability. (also classification, information classification, security classification)  

Information Security Continuous Monitoring (ISCM) (NIST)

Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

[Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.]

SOURCE:  SP 800-137

Information Security Incident

Indicated by a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.

Information Security Policy (NIST)

Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.

SOURCE:  SP 800-53; SP 800-37; SP 800-18; CNSSI-4009

Information Security Risk (NIST)

The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. See Risk.

SOURCE:  SP 800-30

Information Services Inventory Status (ISIS)

A perpetual inventory of information technology assets of the state. All agencies, boards, and commissions are required to have all IT inventory entered and as accurate as possible by September 30th of each year. Inventory is submitted as CSV or Microsoft Excel files.

SOURCE: ASET WEBSITE

Information System (NIST)

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

SOURCE:  FIPS 200; FIPS 199; SP 800-53A; SP 800-37; SP 800-60; SP 800-18; 44 U.S.C., Sec. 3502; OMB Circular A-130, App. III

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

[Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]

SOURCE: SP 800-53; CNSSI-4009

Information System Contingency Plan (ISCP) (NIST)

Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters.

SOURCE:  SP 800-34

Information System Owner (NIST)

(a.k.a. Program Manager) Individual responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.

SOURCE:  SP 800-53; SP 800-53A; SP 800-18; SP 800-60

Information System Resilience (NIST)

The ability of an information system to continue to operate while under attack, even if in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack.

SOURCE:  SP 800-30

The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.

SOURCE:  SP 800-39

Information System Security Classification

A system of designating security categories for information systems based on the information security categories of information processed by the information system.

Information System Security Officer (ISSO) (NIST)

Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.

SOURCE:  SP 800-37; SP 800-53

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program.

SOURCE:  SP 800-53A;  SP 800-60

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program.

SOURCE:  SP 800-18

Information System-Related Security Risks (NIST)

Information system-related security risks are those risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation.

See Risk.

SOURCE: SP 800-37; SP 800-53A

Information Systems Security Officer (ISSO) (NIST)

Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program.

SOURCE: CNSSI-4009

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program.

SOURCE: SP 800-39

Information Technology

"Information technology" means all computerized and auxiliary automated information processing, telecommunications and related technology, including hardware, software, vendor support and related services, equipment and projects.

SOURCE: A.R.S. §41-3501(6)

Information Technology (NIST)

Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which—

1) requires the use of such equipment; or

2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product.

The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.

SOURCE:  SP 800-53; SP 800-53A; SP 800-37; SP 800-18; SP 800-60; FIPS 200; FIPS 199; CNSSI-4009; 40 U.S.C., Sec. 11101 and Sec 1401

Information Technology Asset

Includes owned and leased technology hardware (i.e. physical items), owned or licensed software and related or supporting services.

Information Technology Authorization Committee (ITAC)

The Information Technology Authorization Committee (ITAC) consists of public and private business and business IT leaders. The committee meets monthly to review IT projects and other Strategic IT issues as necessary. Any IT project valued over $1 million must be approved by the Information Technology Authorization Committee.

SOURCE: ASET WEBSITE

Information Technology Resources

Information and communications technologies, including data, information systems, network services (e.g., Web services; messaging services); computers (e.g., hardware, software); telecommunications networks and associated assets (e.g., telephones, facsimiles, cell phones, laptops, personal digital assistants)

Information Type (NIST)

A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation.

SOURCE:  SP 800-53; SP 800-53A; SP 800-37; SP 800-18; SP 800-60; FIPS 200; FIPS 199; CNSSI-4009

INFORMATIVE REFERENCE (NIST)

A specific section of standards, guidelines, and practices common among critical infrastructure sectors that illustrates a method to achieve the outcomes associated with each Subcategory.

SOURCE: NIST CYBERSECURITY FRAMEWORK

Infrastructure

Hardware and software employed by an organization to support processe

Ingress Filtering

Method of filtering inbound network traffic such that only explicitly allowed traffic is permitted to enter the network.

SOURCE: PCI DSS GLOSSARY

Initialize (NIST)

Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode.

SOURCE: CNSSI-4009

Initiator (NIST)

The entity that initiates an authentication exchange.

SOURCE:  FIPS 196

Injection Flaws

Vulnerability that is created from insecure coding techniques resulting in improper input validation, which allows attackers to relay malicious code through a web application to the underlying system. This class of vulnerabilities includes SQL injection, LDAP injection, and XPath injection.

SOURCE: PCI DSS GLOSSARY

Insecure Protocol/Service/Port

A protocol, service, or port that introduces security concerns due to the lack of controls over confidentiality and/or integrity. These security concerns include services, protocols, or ports that transmit data or authentication credentials (for example, password/passphrase) in clear-text over the Internet, or that easily allow for exploitation by default or if misconfigured. Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP v1 and v2.

SOURCE: PCI DSS GLOSSARY

Inside Threat (NIST)

An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.

SOURCE:  SP 800-32

Integrated Intermediate System to Intermediate System (IS-IS)

A routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices. It accomplishes this by determining the best route for datagrams through a packet-switched network. The protocol was defined in ISO/IEC 10589:2002 as an international standard within the Open Systems Interconnection (OSI) reference design. Though originally an ISO standard, the IETF republished the protocol as an Internet Standard in RFC 1142. IS-IS has been called "the de facto standard for large service provider network backbones."

SOURCE: WIKIPEDIA

Integrity (NIST)

Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

SOURCE:  SP 800-53; SP 800-53A; SP 800-18; SP 800-27; SP 800-37; SP 800-60; FIPS 200; FIPS 199; 44 U.S.C., Sec. 3542

The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner.

SOURCE:  FIPS 140-2

The property whereby an entity has not been modified in an unauthorized manner.

SOURCE: CNSSI-4009

Integrity Check Value (NIST)

Checksum capable of detecting modification of an information system.

SOURCE: CNSSI-4009

Intellectual Property

An idea, invention, process, program, or application that derives from the work of the mind or intellect – specifically, one that has had its ownership registered for the purpose of protection from unauthorized use by others (from Merriam-Webster's Dictionary of Law ©1996).

Intellectual Property (NIST)

Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation.

SOURCE:  SP 800-32

Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights.  Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered.

SOURCE: CNSSI-4009

Interagency Service Agreement (ISA)

Contract between State Agencies whereby one Agency provides a service to another, and the second Agency pays the first for the service. 

Interconnection Security Agreement (ISA) (NIST)

An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection.  The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.

SOURCE:  SP 800-47

A document that regulates security-relevant aspects of an intended connection between an agency and an external system.  It regulates the security interface between any two systems operating under two different distinct authorities.  It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high-level roles and responsibilities in management of a cross-domain connection.

SOURCE: CNSSI-4009

Interface (NIST)

Common boundary between independent systems or modules where interactions take place.

SOURCE: CNSSI-4009

Internal Network (NIST)

A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or similar security technology provides the same effect. An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned.

SOURCE: SP 800-53; CNSSI-4009

Internal Revenue Service (IRS) Publication (Pub) 1075

This publication provides guidance to ensure the policies, practices, controls, and safeguards employed by recipient agencies, agents, or contractors adequately protect the confidentiality of Federal Taxpayer Information (FTI).

SOURCE: IRS PUB. 1075

Internal Security Controls (NIST)

Hardware, firmware, or software features within an information system that restrict access to resources only to authorized subjects.

SOURCE: CNSSI-4009

Internal Security Testing (NIST)

Security testing conducted from inside the organization’s security perimeter.

SOURCE:  SP 800-115

International Organization for Standardization (ISO)

Non-governmental organization consisting of a network of the national standards institutes.

SOURCE: PCI DSS GLOSSARY

Internet (NIST)

The single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB), and (b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).

SOURCE: CNSSI-4009

Internet Group Management Protocol (IGMP)

A communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast.

IGMP can be used for one-to-many networking applications such as online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications.

SOURCE: WIKIPEDIA

Internet Message Access Protocol (IMAP)

An application-layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server.

SOURCE: PCI DSS GLOSSARY

Internet Message Access Protocol (IMAP) 4

An Application Layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server, is defined by RFC 3501. An IMAP server typically listens on well-known port 143. IMAP over SSL (IMAPS) is assigned well-known port number 993.

SOURCE: WIKIPEDIA

Internet Protocol (IP)

The network layer protocol in the TCP/IP stack offering a connectionless internetwork service. IP provides features for addressing, type-of-service specification, fragmentation and reassembly, and security. IPv4 routes each packet based on a 32-bit destination address called an IP address (e.g., 123.122.211.111). IPv6 uses a sixteen-octet 128-bit IP address.

Internet Protocol (IP) (NIST)

Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

SOURCE: CNSSI-4009

Internet Protocol Telephony (IP Telephony)

See Voice over Internet Protocol (VoIP).

Interoperability

The ability of systems and organizations to work together (inter-operate). While the term was initially defined for information technology or systems engineering services to allow for information exchange, a broader definition takes into account social, political, and organizational factors that impact system-to-system performance.

SOURCE: WIKIPEDIA

Interoperability

  1. The ability of Information Technology (IT) systems to provide services to and accept services from other IT systems and to use the services so exchanged to enable them to operate effectively together.
  2. The ability of disparate systems to be linked together and then operate as a single entity through the exchange of information facilitated through open standards or non-proprietary protocols.

Intranet (NIST)

A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency).

SOURCE: CNSSI-4009

Intrusion (NIST)

Unauthorized act of bypassing the security mechanisms of a system.

SOURCE: CNSSI-4009

Intrusion Detection Systems (IDS) (NIST)

Hardware or software product that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations).

SOURCE: CNSSI-4009

Intrusion Prevention Systems (IPS)

Network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

SOURCE: WIKIPEDIA  

IP

Internet Protocol – The most important of the protocols on which the Internet is based. It is part of the Transmission Control Protocols (TCP)/IP family of protocols describing software that tracks the Internet address of nodes, routes outgoing messages and recognizes incoming messages.

IP Security (IPsec) (NIST)

Suite of protocols for securing Internet Protocol (IP) communications at the network layer, layer 3 of the OSI model, by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment.

SOURCE: CNSSI-4009

IPS

Intrusion Prevention System – A preemptive approach to network security. It provides policies and rules for network traffic along with an intrusion detection system for alerting network administrators to suspicious traffic, allowing swift response to potential threats.

ISO27000

A family of standards published by the International Organization for Standardization designed to keep information assets secure.  ISO 27001 provides requirements for an information security management system.

SOURCE: ISO WEBSITE

ISP

Internet Service Provider – An organization that provides access to the Internet.

ISSUE FRAMING

A process for scoping and defining a problem prior to solving it. How a decision is framed limits the possible choices that are seriously considered.

SOURCE: Data Governance Institute

ISSUE RESOLUTION

A structured process for reaching a solution to a problem while considering the needs of all stakeholders. Most Data Governance programs acknowledge that successful resolution of data-related issues requires politically-neutral facilitation of the decision-making process, with participation by Data Stakeholders.

SOURCE: Data Governance Institute

IT GOVERNANCE

The leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives.

SOURCE: The IT Governance Institute

IT INFRASTRUCTURE LIBRARY (ITIL)

A public framework that describes best practice in IT service management.

SOURCE: ITIL V3

A series of publications providing Best Practice guidance for IT Service Management.

SOURCE: Data Governance Institute

IT PORTFOLIO MANAGEMENT

A key function of IT Governance, IT portfolio management is the formal process for managing IT assets such as software, hardware, middleware, an IT project, internal staff, an application or external consulting.

SOURCE: Data Governance Institute

IT Security Architecture (NIST)

A description of security principles and an overall approach for complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security services within various distributed computing environments.

SOURCE: SP 800-27

IT Security Awareness (NIST)

The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.

SOURCE: SP 800-50

IT Security Awareness and Training Program (NIST)

Explains proper rules of behavior for the use of agency IT systems and information. The program communicates IT security policies and procedures that need to be followed.

SOURCE: SP 800-50; CNSSI-4009

IT Security Policy (NIST)

The “documentation of IT security decisions” in an organization.

NIST SP 800-12 categorizes IT Security Policy into three basic types:

1) Program Policy—high-level policy used to create an organization’s IT security program, define its scope within the organization, assign implementation responsibilities, establish strategic direction, and assign resources for implementation.

2) Issue-Specific Policies—address specific issues of concern to the organization, such as contingency planning, the use of a particular methodology for systems risk management, and implementation of new regulations or law. These policies are likely to require more frequent revision as changes in technology and related factors take place.

3) System-Specific Policies—address individual systems, such as establishing an access control list or in training users as to what system actions are permitted. These policies may vary from system to system within the same organization. In addition, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization’s electronic mail (email) policy or fax security policy.

SOURCE: SP 800-35

IT Security Training (NIST)

IT Security Training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, auditing).  The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks to focus an individual’s attention on an issue or set of issues.

The skills acquired during training are built upon the awareness foundation, in particular, upon the security basics and literacy material.

SOURCE: SP 800-50

IT SERVICE MANAGEMENT (ITSM)

The implementation and management of Quality IT Services that meet the needs of the Business. IT Service Management is performed by IT Service Providers through an appropriate mix of people, Process and Information Technology. (Baseline IT definition)

SOURCE: Data Governance Institute

IT-Related Risk (NIST)

The net mission/business impact considering

1) the likelihood that a particular threat source will exploit, or trigger, a particular information system vulnerability, and

2) the resulting impact if this should occur.

IT-related risks arise from legal liability or mission/business loss due to, but not limited to:

* Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information;

* Non-malicious errors and omissions;

* IT disruptions due to natural or man-made disasters; or

* Failure to exercise due care and diligence in the implementation and operation of the IT.

SOURCE: SP 800-27

ITAC

Information Technology Authorization Committee – A committee of appointed state officials charged with the jurisdiction to approve or reject Information Technology projects with development costs exceeding $1 million for all three (executive, judicial and legislative) branches of government.

ITG

Information Technology Governance – A web-based workflow and project management tool used by AZNet to track and control the management of the program, including projects, issues and Service Level Agreement performance. ITG serves as a historical database of information regarding changes.

IVR

Interactive Voice Response – An automated telephone information system that speaks to the caller with a combination of fixed voice menus and data extracted from databases in real time. The caller responds by pressing digits on the telephone or speaking words or short phrases.
