Term 301
IAM
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.
Acronym study
Terms 301–330 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 301
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.
Term 302
An IAM group is a collection of IAM users in a cloud or identity system that simplifies permission management by allowing you to assign policies to multiple users at once.
Term 303
An IAM misconfiguration occurs when identity and access management settings are incorrectly set, granting too many or too few permissions to users or services, which can lead to security breaches or operational failures.
Term 304
An IAM policy is a set of rules that determines who can access specific cloud resources and what actions they are allowed to perform.
Term 305
An IAM role is a set of permissions that an entity can assume temporarily to access cloud resources securely.
Term 306
An IAM user is an identity created in AWS Identity and Access Management that represents a person or service interacting with AWS resources, with its own credentials and permissions.
Term 307
ICMP is a network-layer protocol used by network devices to send error messages and operational information about network connectivity.
Term 308
An ICS is a system of networked devices used to monitor and control industrial processes, such as manufacturing or power generation.
Term 309
Idempotency means that an operation can be performed multiple times without changing the result beyond the first application.
Term 310
A security model where trust is determined by user identity and context rather than the network location, treating identity itself as the primary boundary for access control.
Term 311
Identity proofing is the process of verifying that a person is who they claim to be before granting access to systems or data.
Term 312
Identity protection is the set of policies, technologies, and practices used to secure digital identities and prevent unauthorized access to systems and data.
Term 313
An identity provider (IdP) is a system that creates, stores, and manages digital identities and authenticates users for other applications and services.
Term 314
An IDS is a security system that monitors network or system traffic for suspicious activity and alerts administrators to potential threats, but does not actively block them.
Term 315
IIoT (Industrial Internet of Things) connects industrial machines and sensors to networks for data collection, analysis, and automation in manufacturing, energy, and utilities.
Term 316
IKE (Internet Key Exchange) is a protocol used to set up a secure, authenticated communication channel between two parties by establishing and managing the Security Associations for IPsec.
Term 317
Impact is the measure of the potential damage or harm that a risk event could cause to an organization's assets, operations, or reputation.
Term 318
Impersonation is a security attack where an attacker pretends to be a legitimate person or system to gain unauthorized access, steal data, or commit fraud.
Term 319
Implicit deny is a security rule that automatically blocks any network traffic that is not explicitly allowed by an access control list or firewall rule.
Term 320
An inbound ACL is a set of rules applied to network traffic entering an interface that decides whether to allow or block that traffic based on criteria like source IP, destination port, or protocol.
Term 321
An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.
Term 322
Incident classification is the process of categorizing security incidents based on type, severity, and impact to ensure appropriate response and resource allocation.
Term 323
Incident response is the structured approach an organization uses to identify, contain, and recover from cybersecurity incidents like data breaches or ransomware attacks.
Term 324
The Incident response lifecycle is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents while learning from each event to improve future defenses.
Term 325
Incident severity is a classification used in IT incident management to describe the level of impact and urgency of an event, guiding response priority.
Term 326
An indicator of attack (IOA) is a sign that an attack is actively occurring or about to occur, focusing on attacker behavior and intent rather than just the artifacts left behind.
Term 327
An indicator of compromise is a piece of digital evidence—such as a suspicious file hash, IP address, or unusual network pattern—that suggests a system may have been breached by an attacker.
Term 328
An Industrial Control System (ICS) is a network of computers and devices that monitors and controls industrial machinery, such as power plants, water treatment facilities, and assembly lines.
Term 329
The Industrial Internet of Things (IIoT) is a network of physical devices, machines, and sensors in industrial settings that collect and exchange data over the internet to improve efficiency and safety.
Term 330
Information barriers are policies and technical controls that prevent the unauthorized flow of sensitive information between different parts of an organization to avoid conflicts of interest and ensure compliance.