Term 331
Information protection
Information protection refers to the policies, procedures, and technologies used to safeguard data from unauthorized access, disclosure, alteration, or destruction.
Acronym study
Terms 331–360 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 331
Information protection refers to the policies, procedures, and technologies used to safeguard data from unauthorized access, disclosure, alteration, or destruction.
Term 332
Infrastructure as code (IaC) is the practice of managing and provisioning IT infrastructure through machine-readable definition files, rather than through physical hardware configuration or interactive configuration tools.
Term 333
Infrastructure as code scanning is the automated process of checking infrastructure configuration files for security misconfigurations, compliance violations, and potential vulnerabilities before deployment.
Term 334
Inherent risk is the level of risk that exists in a process or system before any security controls or mitigations are applied.
Term 335
An initiative is a formal, structured effort or project undertaken by an organization to achieve a specific strategic goal, often involving changes to IT systems, policies, or processes.
Term 336
An application security vulnerability that occurs when untrusted user data is deserialized without proper validation, potentially allowing an attacker to manipulate the application or execute malicious code.
Term 337
An inside global is the public, routable IP address that represents an internal private host when it communicates with devices on the internet.
Term 338
Inside local is the IP address assigned to a device on an internal private network before any Network Address Translation (NAT) is applied.
Term 339
Insider Risk Management is the practice of identifying, assessing, and mitigating threats that originate from within an organization, such as employees, contractors, or partners who have legitimate access to systems and data.
Term 340
An inspector is a tool or role that checks systems, configurations, or data against a set of rules to ensure they are secure and compliant.
Term 341
Integrity is the assurance that data has not been altered or tampered with in an unauthorized way, preserving its accuracy and consistency from source to destination.
Term 342
An interface endpoint is a private IP address inside a Virtual Private Cloud that provides direct, secure access to supported AWS services without traversing the public internet.
Term 343
An Internet gateway is a cloud networking component that provides a connection between a virtual private cloud (VPC) and the public Internet, enabling resources in the VPC to send and receive traffic to and from the Internet.
Term 344
Internet Key Exchange (IKE) is a protocol used to set up a secure, encrypted connection between two devices by automatically negotiating and exchanging encryption keys over an untrusted network like the internet.
Term 345
The Internet of Things (IoT) is a network of physical devices, vehicles, appliances, and other objects embedded with sensors and software that connect to the internet to collect and exchange data.
Term 346
Internet Protocol Security (IPsec) is a suite of protocols that encrypts and authenticates data packets sent over IP networks to ensure private and secure communication.
Term 347
An Intrusion Detection System (IDS) is a security tool that monitors network traffic or system activities for malicious actions or policy violations and sends alerts to administrators.
Term 348
An Intrusion Prevention System (IPS) is a network security tool that monitors network traffic and actively blocks threats like malware and cyberattacks in real time.
Term 349
IOA (Indicator of Attack) is a security concept that focuses on detecting the intent and sequence of actions leading up to a cyber attack, rather than just the artifacts left behind after a breach.
Term 350
IOC stands for Indicator of Compromise, which is forensic evidence that a system has been breached or infected by malware.
Term 351
IoT (Internet of Things) is a network of physical devices embedded with sensors and software to connect and exchange data over the internet.
Term 352
A Cisco IOS command that forwards broadcast traffic from one subnet to a specific server on another subnet, allowing devices to obtain IP configuration or other services without needing a router or server on their local network.
Term 353
IP Source Guard is a network security feature that blocks IP address spoofing by verifying that each packet's source IP address matches an authorized binding assigned to that switch port.
Term 354
An Intrusion Prevention System (IPS) is a network security device that monitors traffic in real time and automatically blocks threats before they reach your systems.
Term 355
IPsec is a suite of protocols used to secure Internet Protocol (IP) communications by encrypting and authenticating each IP packet in a data stream.
Term 356
iptables is a command-line firewall utility in Linux that uses rules to allow or block network traffic based on packet attributes like source IP, destination port, or protocol.
Term 357
ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Term 358
Isolation is the process of separating a compromised or suspicious system from a network to prevent the spread of malware or unauthorized access.
Term 359
Job rotation is a security governance practice where employees periodically switch roles or responsibilities to reduce risk, prevent fraud, and ensure organizational resilience.
Term 360
A JSON Web Token (JWT) is a compact, self-contained token used to securely transmit information between parties as a JSON object.