CPM Dictionary: I
Iatrogenic Disease: Illness resulting from a physician's or other health care
professional's care
IAP: See also Incident Action Plan
IBRD: International Bank for Reconstruction and Development (World Bank)
ICAO: International Civil Aviation Organization
ICMP Flood: Denial of service attack that sends a host more ICMP (Internet Control
Message Protocol) echo request ("ping") packets than the protocol
implementation can handle
ICS: See also Incident Command System
Identification: Process that enables recognition of an entity by a system, generally
by the use of unique machine-readable user names
Identity: Description or definition of whom someone or what something is, for
example, the name by which something is known
Ignore: Condition that blocks an action from being executed on a rule
Illness: See also Disease
ILO: International Labor Organization
Image File: Special file that results in creation of an image file of a disk
or partition; used to produce duplicates of the original disk or partition
Image File Definition: Description of the properties of an image file, including
the image file name, location, and status
IMF: International Monetary Fund
Immediate Response Zone (IRZ): See also Emergency
Planning Zones
Imminent Peril to the Public: Emergency condition where near-term
or immediate and possible serious danger threatens the public and time does
not permit fully coordinated response actions; in this situation, a Federal
agency may act unilaterally, in conjunction with a State or local government,
to take immediate life-protecting actions and coordinate later with other agencies
Imminently Serious Conditions: Emergency conditions
in which, in the judgment of a military commander or responsible DOD official,
near-term or immediate and possibly serious danger threatens the public and
prompt action is needed to save lives, prevent human suffering, or mitigate
property damage; presumes timely prior approval from higher headquarters may
not be possible before action is necessary for effective response
Immunity, Active: See also Active Immunity
Immunity, Natural: See also Natural Immunity
Immunity, Passive: See also Passive Immunity
Immunity, Specific: See also Specific Immunity
Immunization: Protection of susceptible individuals from communicable disease
by administration of a living modified agent (as in yellow fever), a suspension
of killed organism (as in whooping cough), or an inactivated toxin (as in tetanus);
temporary passive immunization possible by administering antibodies in the form
of immune globulin. See also Active Immunization; Passive Immunization
Immunization, Active: See also Active Immunization
Immunization, Passive: See also Passive Immunization
Impact: Potential results associated with a disaster or emergency situation
over time on an organization; impact level is usually relative to the size of
the organization and existing resilience. See also Business Impact Analysis
Impact Phase: Time frame during a disaster where emergency management activities
focus on warning and preparedness
Impersonation: See also Spoofing
Improvised Explosive Device: Non-standard item, usually crude and simple in
design, containing an arming or timing system, an initiator, and an explosive
filler, e.g., homemade bomb
In the Clear: Not encrypted. See also Cleartext and Plaintext
In the Wild: Refers to viruses which have been released into, and successfully
spread in, the normal computer user community and environment; differentiates
other viral programs which are written and tested in a controlled research environment,
without escaping, from those which are uncontrolled in the wild or in the field
Inactive: Status designation indicating that a program, job, policy, or scan
is not currently running
Incidence: Frequency of instances of illness commencing, or of persons falling
ill, during a given period in a specified population
Incidence Rate: The rate at which new events occur in a population. See also
Incidence
Incident: 1) Event that may be, or may lead to, a business interruption, disruption,
loss and/or crisis; also an incident such as an adverse network event in an
information system or network or the threat of the occurrence of such an event;
2) any hurricane, tornado, storm, flood, high water, wind-driven water, tidal
wave, tsunami, earthquake, volcanic eruption, landslide, mudslide, snowstorm,
drought, fire, explosion, or other catastrophe which causes damage or hardship
that may result in a Presidential declaration of a major disaster or an emergency
Incident Action Plan: Set of procedures and action steps developed at the field
response level that contains objectives reflecting the overall incident strategy
and specific tactical actions and supporting information for the next operational
period; plan may be oral or written
Incident Base: Site established at an incident
where primary logistics functions are coordinated and administered; may be collocated
with Incident Command Post; only one base per incident
Incident Command Post (ICP): Site established where primary command functions are executed; may be
collocated with incident base or other incident facilities
Incident Command System (ICS): Structured organization of facilities, equipment,
personnel, procedures, and communications with responsibility for management
of assigned resources to effectively direct and control incident responses;
can expand or contract as situation warrants without requiring a different command
structure
Incident Commander: Individual responsible for command of all functions at the
field response level
Incident Communications Center: Site established for Communications
Unit and Message Center
Incident Handling: Action plan for dealing with intrusions, cyber-theft, denial
of service, fire, floods, and other security-related events; uses a six-step
process: Preparation, Identification, Containment, Eradication, Recovery, and
Lessons Learned
Incident Management Team: Includes the Incident Commander and appropriate General
and Command Staff personnel assigned to an incident
Incident Management System: See also Incident Command System
Incident Manager: Leader of local EOC reporting up to senior management on recovery
progress; can invoke local recovery plan
Incident Objectives: Statements of guidance and direction needed to select appropriate
strategy(s) and the tactical direction of resources; based on realistic expectations
of what can be accomplished when all allocated resources have been effectively
deployed
Incident Response: Set of procedures for dealing with a disaster or other major
event that may significantly impact the organization, its people, or its ability
to function productively; may include evacuation of a facility, initiating a
disaster recovery plan, performing damage assessment, and any other measures
necessary to bring an organization to a more stable status
Incident Response Cycle: Sequence of phases associated with a security incident
from the time it is identified as a security compromise or incident to the time
it is resolved and reported
Incomplete Parameter Checking: System design flaw that results when all parameters
have not been fully anticipated for accuracy and consistency, thus making the
system vulnerable to penetration
Increased Readiness Reporting System: Standardized method
of reporting increased readiness actions taken by State and local governments
Incremental Backups: Technique for backing up data that stores only the files
that have been modified since the last backup. See also Full Backup, Differential
Backup
Incubation Period: Time interval between invasion by an infectious agent and
appearance of the first sign or symptom of the disease in question. See also
Latent Period
Index Case: The first case in a family or other defined group
to come to the attention of the investigator. See also Case
Indirect Contact: Mode of transmission of infection involving fomites or vectors, which can be
mechanical (e.g., filth, flies) or biological (disease agent undergoes part
of its life cycle in vector species). See also Direct Contact; Fomite; Transmission
of Infection; Vector
Indirect Infection: Infection transmitted indirectly via vehicle, vector, air,
droplet nuclei, or dust; 1) vehicle-borne refers to substances serving as intermediate
means by which infectious agents are transported and introduced into a susceptible
host through a suitable portal of entry; 2) mechanical vector-borne refers to
simple mechanical carriage by a crawling or flying insect through soiling of
its feet or proboscis, or by passage of organisms through its gastrointestinal
tract; 3) biological vector-borne refers to propagation (multiplication), cyclic
development, or a combination of these that is required before an arthropod
can transmit the infective form of the agent to humans; 4) airborne infection
refers to transmission via droplet nuclei, e.g., residues that result from evaporation
of fluid from droplets emitted by an infected host or from atomizing devices,
or accidentally, as in microbiology laboratories or autopsy rooms; 5) dust-borne
transmission is characterized by small particles of widely varying size that
may arise from soil (fungus spores) or from clothes, bedding, or contaminated
floors. See also Direct Infection; Transmission of Infection
Individual Accountability: Process in which it is possible to positively associate
the identity of a user with the time, method, and degree of access to a system
Industrial Mobilization: Process associated with marshaling the industrial sector
to produce goods and services, including construction, required to support military
operations and the needs of the civil sector during domestic or national security
emergencies; may involve a short lead-time surge of production, longer term
expansion of production capacity, or both
Inetd (Internet Daemon): Application that controls smaller internet services
like telnet, ftp, and POP
Infectable: Object to which virus code can attach or become associated with,
in such a manner that invocation of the object will also invoke the virus
Infectability: Host characteristic or state in which a host can be infected.
See also Infectivity; Infectiousness
Infection: Condition where virus code has become attached to or associated with
an object or system, such that invocation of the object or system will also
invoke the virus; infection does not take place until a virus has become active,
reproduced, or made a change to the system; so long as user does not invoke
the virus, or a worm does not find a specific vulnerability to exploit, infected
file may remain dormant on the system, without the system itself becoming infected.
See also Cross-Infection; Disinfection; Transmission of Infection
Infection Control: Health care organization program that provides policies and
procedures for surveillance, prevention, and control of infection; includes
patient care and patient care support departments and services; examples - hand
washing, protective clothing, isolation procedures, and ongoing measurement
of performance
Infection Control Committee: Multidisciplinary group with responsibility for
overseeing a health care organization's infection control program including
representatives from at least the medical staff, nursing, and administration
and the person(s) directly responsible for management of infection surveillance,
prevention, and control
Infection, Cross: See Cross-Infection
Infection Length: Size, in bytes, of viral code inserted into a program by a
virus
Infection Rate: Incidence rate of obvious plus unapparent infections (latter
determined by seroepidemiology). See also Attack Rate; Seroepidemiology
Infections, Emerging: See Emerging Infections
Infectious Disease: See Communicable Disease
Infectiousness: Characteristic of a disease that describes the relative ease
with which it is transmitted to other hosts; example – droplet spread
disease is more infectious than one spread by direct contact; characteristics
of exit and entry portals are also determinants, as are agent characteristics
of ability to survive away from the host and of infectivity. See also Infectability;
Infectivity
Infectivity: 1) Characteristic of a disease agent that describes ability to
enter, survive and multiply in a host; measure of infectivity is the secondary
attack rate; 2) proportion of exposures, in defined circumstances, that results
in infection. See also Infection; Secondary Attack Rate
Infector: Program or other code, not itself infected, that will place a virus
in memory and render it active, without writing virus to disk. See also Dropper
Inference Attack: Relies on users to make logical connections between seemingly
unrelated pieces of information
Infestation: See Infection
Information: 1) Rating used to calculate a vulnerability, based on relative
availability of information that discloses such vulnerability; 2) data that
have been transformed through analysis and interpretation into a form useful
for drawing conclusions and making decisions. See also Data
Information Flow Control: Procedure that ensures information transfers within
a system are not made from a higher security level object to an object of a
lower security level. See also Covert Channel, Simple Security Property, Star
Property, Data Flow Control and Flow Control
Information Officer: Member of Command Staff responsible for interfacing with
the public and media or with other agencies requiring information directly from
the incident; only one Information Officer per incident
Information Security: Securing or safeguarding of all sensitive information,
electronic or otherwise, which is owned by an organization. See also BSI 7799
Information System Security: Measures and controls that protect
a system against denial of service and unauthorized (accidental or intentional)
disclosure, modification, or destruction of systems and data; addresses hardware
and/or software functions, characteristics and/or features, operational procedures,
accountability procedures, and access controls at the central computer facility,
remote computer, and terminal facilities, management constraints, physical structures
and devices, and personnel and communication controls needed to provide an acceptable
level of risk for the system and for the data and information contained in the
system
Information System Security Officer (ISSO): Designated Approving Authority for
ensuring that security is provided for and implemented throughout the life cycle
of a system from the beginning of the concept development plan through its design,
development, operation, maintenance, and secure disposal
Information Warfare: Competition between offensive and defensive players over
information resources
Informational Convergence: Situation that may occur in disasters in which large
numbers of persons seek to acquire or provide information to those in the impact
area; includes offers of help, mass media searches for information, those seeking
advice, and those inquiring about the missing. See also Convergence, Material
Convergence, and Personal Convergence
Informed Consent: Voluntary approval and consent provided by a subject –
typically a person or a responsible proxy such as a parent – for participation
in a study, immunization program, treatment regimen, etc., after being informed
of the purpose, methods, procedures, benefits and risks, and when relevant,
the degree of uncertainty about outcomes; requirement is that subjects have
both knowledge and comprehension, that the consent is freely given without duress
or undue influence, and that the right of withdrawal at any time is clearly
communicated to the subjects. See also Confidentiality, Ethics, Respect for
Autonomy
Infrastructure: Operational environment that supports business and government
processes; typically includes buildings and all of their supporting services;
typically divided into technology infrastructure (e.g. computers, cabling, telephony)
and real estate infrastructure (e.g. buildings, utility supplies, air-conditioning)
Ingestion Pathway: See Emergency Planning Zones
Ingress Filtering: Filtering of inbound traffic
Inherent Risk: Potential that some human activity or natural event will have
an adverse effect on an asset(s) of an organization and which cannot be managed
or transferred away
Initial Action: Procedures or activities taken by resources
that are the first to arrive at an incident
Initial Response: Resources initially committed to an incident
Initialization Vector (IV): Sequence of random bytes incorporated into the front
of plaintext before encryption by a block cipher, or used as a part of the first
step in a block cipher procedure that uses some form of chaining; designed to
eliminate possibility of having initial ciphertext block the same for any two
messages
Initialize: Prepare for use; example – in communications, setting a modem
and software parameters at the start of a session
Inoculum: Amount of microorganisms introduced into a host
Inpatient Bed Availability: Number of unoccupied beds, categorized as monitored
and non-monitored beds, covered by staff within a hospital
Input Validation Attacks: Occur when an attacker intentionally sends unusual
input in the hopes of confusing an application
Insider Attack: Unauthorized attack on a system that involves an employee or
other trusted individual, generally one with a higher than normal level of access
Insurance: Contract to finance the cost of risk; if a specified risk event (loss)
occurs, the insurance contract would pay the holder the contractual amount.
See also Risk Financing and Self-Insurance
Insurrection: Unlawfully rising in open resistance against established authority
or government or against the execution of the laws of government
Integrated Communications: System using a common communications plan, standard
operating procedures, clear text, common frequencies, and common terminology.
See also Incident Command System
Integrated Recovery Programs (IRPs): Flexible and adaptable recovery programs
that respond to a variety of community needs; can coordinate recovery activities
and stimulate economic rehabilitation by working with various sectors of the
community; may include work schemes to repair community facilities that enable
disaster victims to access cash and replace their lost possessions
Integrated Risk Management: Process in which current risks are managed in a
coordinated way across the entire span of an organization
Integrated Services Digital Network (ISDN): Switched digital communications
services, typically used mostly for data traffic; accessed using specially configured
telephone company access lines; used to enhance Wide Area Network (WAN) speeds;
can transmit at speeds of 64 or 128 kilobits per second (Kbps), as opposed to
standard phone lines, which transmit at only 9600 bps
Integrated Test: Examination of a plan that addresses multiple plan components,
in conjunction with each other, typically under simulated operating conditions
Integrity: Need to ensure that information has not been changed accidentally
or deliberately, and that it is accurate and complete
Integrity Checking: See also Change Detection
Integrity Star Property: Situation in which users cannot read data of a lower
integrity level than their own
Interdiction: See also Denial of Service
Intergovernmental Paradox: Situation in government such that, as you move to
lower government levels, disaster damages experienced from that level's perspective
are less frequent; since local governments typically experience the fewest exposures
to disaster loss, they may not perceive a situation as an important issue; paradox
is that the local government, which is least likely to see disaster management
as a key priority, is most likely to be faced with the responsibility for carrying
out a disaster response. See also Apathy
Interim Site: Temporary location used to continue business functions after vacating
a recovery site and before the original or new home site can be occupied; may
be necessary if ongoing stay at recovery site is not feasible for the period
of time needed or if the recovery site is located far from the normal business
site that was affected
Internal Audit: In-house team of auditors that evaluate effectiveness of internal
control systems and contribute to their ongoing effectiveness by providing advice
and support to management
Internal Control: All the means, tangible and intangible that can be employed
or used to ensure that established objectives are met. See also Control Culture
Internal Hostile Structured (IHS) Threat: Individual or group within an organization
that is motivated to disrupt mission operations or exploit assets; incorporates
significant resources, tools, and skills to launch a sophisticated attack and
potentially remove any evidence of the attack; threat is unlikely to act but
has the greatest potential to cause damage; typical potential candidates include
highly skilled, disgruntled employees (such as system administrators or programmers)
or technical users who could benefit from disrupting operations
Internal Hostile Unstructured (IHU) Threat: Individual within an organization
who has physical access to network components; intent is to disrupt operations
of the organization but lacks the resources, tools, or skills necessary to launch
a sophisticated attack; potential exists for this threat to attack the organization
by deploying a common virus; typical potential candidates include unskilled,
disgruntled employees or users who could benefit from disrupting operations
Internal Hot Site: Fully equipped alternate processing site owned and operated
by the organization; ideally located at a different site than principal operations
center
Internal Security Controls: System hardware, firmware, and software features
within a system that restrict access to resources (hardware, software, and data)
to authorized subjects only (persons, programs, or devices)
Internal Threat: Originates within an organization. See also External Threat
International Data Encryption Algorithm (IDEA): Symmetric block cipher that
uses a 128-bit key and operates on 64-bit blocks
International NGOs (INGOs): Non-government organizations carrying out development
assistance whose central headquarters are not based in the countries where they
work
Internet: Describes process of connecting multiple separate networks together
Internet Control Message Protocol (ICMP): Standard Internet protocol used to
report error conditions during IP datagram processing and to exchange other
information concerning the state of the IP network
Internet Engineering Steering Group (IESG): Committee within IETF comprised
of area directors plus a chairperson; provides direction and leadership to the
IETF, approves IETF standards and approves the publication of other IETF documents
Internet Engineering Task Force (IETF): Organization that defines standard Internet
operating protocols such as TCP/IP; members drawn from the Internet Society's
individual and organization membership; IETF supervised by Internet Society
Internet Architecture Board (IAB)
Internet Message Access Protocol (IMAP): Defines how a client should fetch mail
from and return mail to a mail server; defined in RFC 1203 (v3) and RFC 2060
(v4); intended as a replacement for or extension to Post Office Protocol (POP)
Internet Protocol (IP): Method by which data is sent from one computer to another
on the Internet
Internet Protocol (IP) Address: Identifies workstation or other device on a
TCP/IP network and specifies routing information; each device is assigned a
unique IP address, which consists of the network ID, plus a unique host ID assigned
by the network administrator
Internet Protocol Security (IPsec): Popular specification for security at the
network or packet processing layer of network communications; 1) name of the
IETF working group that is specifying a security architecture (RFC 2401) and
protocols to provide security services for IP traffic; 2) collective name for
that architecture and set of protocols; standard specifies a) security protocols
(AH and ESP, the Authentication Header and Encapsulating Security Payload),
b) security associations (what they are, how they work, how they are managed,
and associated processing), c) key management (IKE), and d) algorithms for authentication
and encryption
Internet Security Association and Key Management Protocol (ISAKMP): IPsec specification
(RFC 2408) that negotiates, establishes, modifies, and deletes security associations,
and exchanges key generation and authentication data, independent of the details
of any specific key generation technique, key establishment protocol, encryption
algorithm, or authentication mechanism
Internet Standard: Specification, approved by the Internet Engineering Steering
Group (IESG) and published as an RFC (Request for Comments), that is stable
and well understood, is technically competent, has multiple, independent, and
interoperable implementations with substantial operational experience, enjoys
public support, and is considered useful in some or all parts of the Internet
Internet Worm (UNIX Worm): Launched in November 1988, developed by Robert Morris,
worm spread to some three to four thousand machines connected to the Internet,
wasting CPU cycles and clogging mail spools; affected Internet mail traffic;
predecessor to Michelangelo, Melissa, Loveletter, and Code Red attacks
Interrupt: Signal that informs the operating system (OS) that something has
occurred
Interrupt Requests (IRQ): Occurs when a connection device signals other hardware
components that it needs attention; also called hardware interrupts
Interstate Commerce Act (Emergency Situations): The law (49 U.S.C. 10724 and
11121 to 11128) authorizes the Interstate Commerce Commission (ICC) to reduce
rates to authorized carriers for service and transportation in an emergency;
ICC can also suspend any car service rule or practice, take action during emergencies
to promote car service in the interest of the public and commerce, require joint
or common use of facilities when that action will best meet the emergency; direct
preferences or priorities in transportation, embargoes, or movement of traffic
under permits; and reroute traffic
Intranet: Computer network, typically based on Internet technology, which a
business or government agency uses for its own internal and private purposes,
and that is closed to outsiders
Intruder Alert Agent: Situation in which an agent monitors the hosts and responds
to events by performing defined actions based on applied security policies
Intruder Alert Manager: Software application that runs in background mode as
either a UNIX daemon or a Windows NT service; managers 1) maintain secure communications
with all registered agents; 2) maintain master list of domains and policies
applied to each agent; 3) communicate domain and policy changes to agents; 4)
receive and store event data from agents, via the Record to Event Viewer action;
5) serve as communications link among Intruder Alert Administrator, Intruder
Alert Event Viewer, and agents; and 6) maintain list of policies and domains
being applied
Intrusion: Attacks or attempted attacks from outside the security perimeter
of a system
Intrusion Detection: Security management process for computers and networks
in which information from various areas within a computer or a network is gathered
and analyzed to identify possible security breaches; includes both intrusions
(attacks from outside the organization) and misuse (attacks from within the
organization)
Intrusion Detection Exchange Format (IDEF): See also Intrusion Detection Working
Group (IDWG)
Intrusion Detection System (IDS): Automated system that alerts network operators
to a penetration or other contravention of a security policy; some IDS may be
able to respond to a penetration by shutting down access or gathering more information
on the intruder. See also Anomaly Detection and Network Forensics
Intrusion Detection Working Group (IDWG): Special group within the IETF that
defines data formats and exchange procedures for sharing information of interest
to intrusion detection and response systems, as well as to management systems
that may need to interact with them
Intrusion Prevention System (IPS): Automated system that establishes barriers
to potential network penetrations or other contraventions of security policies;
has ability to record the characteristics of attempted penetrations into a database
for use in analyzing future events; usually includes IDS capabilities and can
be programmed to deny further access to the network or associated systems. See
also Anomaly Detection, Network Forensics, and Firewalls
Inundation Area: Area covered by water in the event of a failure that results
in a flooding situation
Invocation: Steps taken whereby a business continuity management or crisis management
process is formally launched; traditionally follows the disaster declaration
and often results in the process of transferring critical processing activities
at an off-site facility such as work area recovery site or a hot site. See also
Activation
Information Technology Disaster Recovery (ITDR): Procedures within an organization’s
BCM plan used to recover and restore IT and telecommunications capabilities
after an incident. See also BCM, BCM Plan, BCM Program, and Disaster Recovery
IOM: International Organization for Migration
IPSec: See also Internet Protocol Security
IP Address: Computer inter-network address; assigned based on Internet Protocol
and other protocols; IP version 4 address includes a series of four 8-bit numbers
separated by periods
IP Flood: Denial of service (DOS) attack that sends a host more echo request
("ping") packets than the protocol implementation can handle
IP Forwarding: Operating system option that lets hosts act as routers; systems
with more than one network interface card (NIC) must have IP forwarding turned
on for the system to act as a router
IP Spoofing: Supplying false IP addresses; an attack in which active, established,
sessions are intercepted and co-opted by an attacker; may occur after an authentication
has been made, permitting attacker to assume the role of an already authorized
user; primary protections rely on encryption at the session or network layer;
also known as IP hijacking or IP splicing
IRP: See Integrated Recovery Programs
IRZ: See Immediate Response Zone
ISA (Industry Standard Architecture): Name given by IBM to the basic structure
of IBM PC and XT computers, those referred to as IBM or PC compatible; applies
to computers based on Intel 8088/8086/80x86/Pentium family processors, interrupt-based
BIOS boot programming, and the associated bus (actual reference for ISA) which
has undergone many changes; ability of these systems to run Microsoft MS-DOS
and Windows operating systems while using Intel CPUs resulted in the term Wintel
ISAKMP: See also Internet Security Association and Key Management Protocol
ISC2 (International Information Systems Security Certification Consortium): Organization that administers the Certified Information Systems Security Professional
(CISSP) designation; www.isc2.org
ISO (International Organization for Standardization): Voluntary, non-treaty,
non-government organization, established in 1947, with voting members that are
designated standards developing bodies of participating nations and non-voting
observer organizations
Isolation: 1) Containment of subjects and objects in a way that they are separated
from one another, as well as from the protection controls of the operating system;
2) separation, for the period of communicability, of infected persons or animals
from others under such conditions as to prevent or limit transmission of infectious
agent from those infected to those who are susceptible or who may spread the
agent to others. See also Quarantine
Isoseismal: Lines on a map representing points of equal intensity of an already
occurring or anticipated earthquake
ISSA (Information Systems Security Association): Non-profit organization for
information security professionals; www.issa.org
Issue-Specific Policy: Addresses specific needs within an organization, such
as a password policy
IT Recovery Planning: See also Technology Recovery Planning
ITU-T (International Telecommunications Union, Telecommunication Standardization
Sector): Formerly the CCITT, a United Nations treaty organization comprised
mainly of postal, telephone, and telegraph authorities of UN member countries
that publishes standards called "Recommendations"