Information systems security engineering
The art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they may be subjected.
Information technology (IT)
(1) Any equipment or interconnected system or sub-system of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by an organization or its contractor. (2) The term IT includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.
Information-technology (IT) architecture
An integrated framework for evolving or maintaining existing IT and acquiring new IT to achieve the organization’s strategic goals. A complete IT architecture should consist of both logical and technical components. The logical architecture provides the high-level description of the organization’s mission, functional requirements, information requirements, system components, and information flows among the components. The technical architecture defines the specific IT standards and rules used to implement the logical architecture.
Information type
A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, and security management) defined by an organization or in some instances, by a specific law, executive order, directive, policy, or regulation.
Information value
(1) The value of information is dependent on who needs the information (i.e., insider or outsider of an organization) and its worth to this person. (2) A qualitative measure of the importance of the information based upon factors such as level of robustness of the information assurance controls allocated to the protection of information based upon mission criticality, the sensitivity (e.g., classification and compartmentalization) of the information, releasability to other entities, perishability/longevity of the information (e.g., short life data versus long life data), and potential impact of loss of confidentiality, integrity, and availability of the information.
Infrastructure component
Software unit that provides application functionality not related to business functionality, such as error/message handling, audit trails, or security.
Ingress filtering
(1) Filtering of incoming network traffic. (2) Blocking incoming packets that should not enter a network. (3) The process of blocking incoming packets that use obviously false IP addresses, such as reserved source addresses.
Inheritance
(1) A situation in which an information system or an application system receives protection from security controls (or portions of security controls) that are implemented by other entities either internal or external to the organization where the system resides. (2) A mechanism that allows objects of a class to acquire part of their definition from another class (called a super class). Inheritance can be regarded as a method for sharing a behavioral description.
Initial program load (IPL)
A process of copying the resident operating system into the computer’s read memory.
Initialization vector (IV)
(1) A non-secret binary vector used in defining the starting point of an encryption process within a cryptographic algorithm. (2) A data block that some modes of operation require as an additional initial input.
Inline sensor
A sensor deployed so that the network traffic it is monitoring must pass through it.
Input block
A data block that is an input to either the forward cipher function or the inverse cipher function of the block cipher algorithm.
Insider attack
An attack originating from inside a protected network, either malicious or nonmalicious.
Instant messaging (IM)
A facility for exchanging messages in real-time with other people over the Internet and tracking the progress of the conversation.
Integrated services digital network (ISDN)
A worldwide digital communications network evolving from existing telephone services. The goal of ISDN is to replace the current analog telephone system with totally digital switching and transmission facilities capable of carrying data ranging from voice to computer transmission, music, and video. Computers and other devices are connected to ISDN lines through simple, standardized interfaces. When fully implemented, ISDN is expected to provide users with faster, more extensive communications services in data, video, and voice.
Integration test
A process to confirm that program units are linked together and that they interface with files or databases correctly. This is a management and preventive control.
Integrity
(1) The property that protected and sensitive data has not been modified or deleted in an unauthorized and undetected manner. (2) Preservation of the original quality and accuracy of data in written or electronic form. (3) Guarding against improper information modification or destruction. (4) Ensuring information nonrepudiation and authenticity. (5) The ability to detect even minute changes in the data.
Integrity level
A level of trustworthiness associated with a subject or object.
Intellectual property
Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation.
Intended signatory
An entity that intends to generate digital signatures in the future.
Interception
The process of slipping in between communications and hijacking communications channels.
Interdiction
The act of impeding or denying the use of a computer system resource to a user.
Interface
The common boundary between independent systems or modules where communication takes place.
Interface profile
The sub-component that provides the capability to customize the component for various users. The interface profile can specify the business rules and workflow that are to be executed when the component is initialized or it can be tailored to suit different deployment architectures and business rules. The profile can specify the architectural pattern that complements the service component.
Inter-file analysis
Analysis of code residing in different files that have procedural, data, or other interdependencies.
Internal border gateway protocol (IBGP)
A border gateway protocol operation communicating routing information within an autonomous system.
Internal control
A process within an organization designed to provide reasonable assurance regarding the achievement of the following primary objectives: (1) the reliability and integrity of information, (2) compliance with policies, plans, procedures, laws, regulations, and contracts, (3) the safeguarding of assets, (4) the economical and efficient use of resources, and (5) the accomplishment of established objectives and goals for operations and programs.
Internal network
A network where (1) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors or (2) cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect. An internal network is typically organization-owned, yet may be organization-controlled, while not being organization-owned.