ICT supply chain threat:

A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

Identity and access management:

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.


An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Incident management:

The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. 

Incident response:

The activities that address the short-term, direct effects of an incident and may also support short-term recovery. In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.

Incident response plan:

A set of predetermined and documented procedures to detect and respond to a cyber incident.


An occurrence or sign that an incident may have occurred or may be in progress.

Industrial Control System:

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.

Information and communication(s) technology:

Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Information assurance:

The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

Information Assurance Compliance:

In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

Information security policy::

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Information sharing:

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

Information system resilience:

The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.

Information Systems Security Operations:

In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer).

Information technology:

Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Infrastructure as code (IaC):

The process of managing and provisioning computing resources through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. The IT infrastructure managed by this process comprises both physical equipment, such as bare-metal servers, as well as virtual machines, and associated configuration resources.

Inside(r) threat:

A person or group of persons within an organization who pose a potential risk through violating security policies. One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.

Integrated risk management:

The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.


The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.


The ability of two or more systems or components to exchange information and to use the information that has been exchanged.


An unauthorized act of bypassing the security mechanisms of a network or information system.

Intrusion detection:

The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

IT Service Management (ITSM):

The activities that are performed by an organization to design, build, deliver, operate and control information technology (IT) services offered to customers or employees. ITSM tools & suites (e.g. ServiceNow) support a whole set of ITSM processes. At their core is usually a workflow management system for handling incidents, service requests, problems and changes.