Term 121
IAM
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.
Acronym study
Terms 121–150 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 122
An IAM binding is a collection of members (users, groups, or service accounts) assigned to a single role within a Google Cloud resource policy, defining who has what permissions.
Term 123
An IAM group is a collection of IAM users in a cloud or identity system that simplifies permission management by allowing you to assign policies to multiple users at once.
Term 124
An IAM misconfiguration occurs when identity and access management settings are set incorrectly, granting too many or too few permissions to users or services. Typical examples are wildcard actions such as `s3:*` on all resources, stale accounts and long-lived access keys that are never rotated, and resource policies that unintentionally allow public or cross-account access; over-grants lead to breaches, under-grants to operational failures.
Term 125
An IAM policy is a document (JSON in AWS, a list of bindings in Google Cloud) made up of statements that determine who can access specific cloud resources and which actions they may perform. In AWS each statement carries an Effect (Allow or Deny), the Actions it covers and the Resources it applies to; an explicit Deny overrides any Allow, and anything not explicitly allowed is denied by default.
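The evaluation order described for Term 125 is easy to get wrong by hand, so the following added example (written for this glossary, not code from AWS or any SDK) implements it for AWS-style identity policies and contrasts an over-broad `s3:*` policy of the kind described under Term 124 with a narrowly scoped, just-enough policy (Term 146). Bucket names, the `REQUESTS` list and both policy documents are constructed for the demonstration; Condition, NotAction and NotResource elements are deliberately left out.

```python
"""Evaluate AWS-style IAM policy statements against a request.

Added example, not code from the glossary or from AWS. It implements the
published evaluation order for identity-based policies: an explicit Deny
always wins, otherwise a matching Allow grants access, otherwise the request
is implicitly denied. Condition, NotAction and NotResource are left out.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    """Action and Resource may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """Action names are matched case-insensitively; '*' and '?' are wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    """ARNs are matched case-sensitively; '*' may span '/' and ':'."""
    return any(fnmatchcase(resource, p) for p in _as_list(patterns))


def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if not (_action_matches(stmt["Action"], action)
                and _resource_matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"      # a Deny anywhere settles the request
        decision = "Allow"             # keep scanning: a later Deny still wins
    return decision


# Constructed sample policies (hypothetical bucket names).
OVER_BROAD = {                         # the classic misconfiguration: s3:* on *
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

JUST_ENOUGH = {                        # read-only on one bucket, one prefix denied
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports-bucket",
                      "arn:aws:s3:::reports-bucket/*"]},
        {"Effect": "Deny",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::reports-bucket/restricted/*"},
    ],
}

REQUESTS = [                           # constructed (action, resource) pairs
    ("s3:GetObject", "arn:aws:s3:::reports-bucket/q1.csv"),
    ("s3:GetObject", "arn:aws:s3:::reports-bucket/restricted/payroll.csv"),
    ("s3:DeleteObject", "arn:aws:s3:::reports-bucket/q1.csv"),
    ("s3:ListBucket", "arn:aws:s3:::other-bucket"),
]


def compare(policies, requests=REQUESTS):
    """Map each request to its decision under each named policy."""
    return {req: {name: evaluate(p, *req) for name, p in policies.items()}
            for req in requests}


if __name__ == "__main__":
    table = compare({"over_broad": OVER_BROAD, "just_enough": JUST_ENOUGH})
    for (action, resource), decisions in table.items():
        print(f"{action:16} {resource:55} {decisions}")
```

Running it shows the over-broad policy allowing every request, including deletion and the restricted prefix, while the just-enough policy allows only the two read actions on its own bucket and turns the restricted read into an explicit deny; the `ListBucket` on another bucket falls through to the implicit deny under both statements, which is the default any reviewer should expect when a policy is silent.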
Term 126
An IAM role is a named set of permissions that is not tied to a single person. In AWS an entity (a user, an application, or another AWS service) assumes the role and receives short-lived credentials, so workloads need no long-term access keys; in Google Cloud a role is simply the bundle of permissions that a binding grants to its members.
Term 127
An IAM user is an identity created in AWS Identity and Access Management that represents a person or service interacting with AWS resources, with its own credentials (a console password and/or long-lived access keys) and permissions. Because those keys do not expire on their own, AWS recommends roles or federated identities over IAM users for most workloads.
Term 128
Identification is the process where a user or device claims an identity, often by providing a username, ID number, or account name, before proving that claim with authentication.
Term 129
Identity and access management (IAM) is the security discipline that ensures the right individuals access the right resources at the right times for the right reasons.
Term 130
An identity-centric (identity-as-the-perimeter) model is a security model in which trust is determined by the user's verified identity and request context rather than by network location, so identity itself becomes the primary boundary for access control; this is a core assumption of zero trust architectures.
Term 131
An intrusion detection system (IDS) monitors network traffic (NIDS) or host activity (HIDS) for signatures or anomalies that indicate malicious behaviour and alerts administrators to potential threats; unlike an IPS, it observes out of band and does not block the traffic it flags.
Term 132
An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.
Term 133
Incident classification is the process of categorizing security incidents based on type, severity, and impact to ensure appropriate response and resource allocation.
Term 134
Incident documentation is the practice of recording every detail of a cybersecurity or IT incident, from detection to resolution, to ensure accurate analysis, legal compliance, and process improvement.
Term 135
Incident management is the process of identifying, logging, prioritizing, and resolving IT service disruptions to restore normal operations as quickly as possible with minimal business impact.
Term 136
Incident response is the structured approach an organization uses to identify, contain, and recover from cybersecurity incidents like data breaches or ransomware attacks.
Term 137
The incident response lifecycle is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents while learning from each event to improve future defenses. NIST SP 800-61 names the phases as preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.
Term 138
Incident severity is a classification used in IT incident management to describe the level of impact and urgency of an event, guiding response priority.
Term 139
Information security management is the systematic process of developing, implementing, monitoring, and improving policies, procedures, and controls to protect an organization's information assets from threats and ensure confidentiality, integrity, and availability.
Term 140
Inherent risk is the level of risk that exists in a process or system before any security controls or mitigations are applied; the risk that remains after controls are in place is the residual risk.
Term 141
Insider Risk Management is the practice of identifying, assessing, and mitigating threats that originate from within an organization, such as employees, contractors, or partners who have legitimate access to systems and data.
Term 142
An intrusion prevention system (IPS) is a network security control deployed inline that inspects traffic in real time and automatically drops or blocks packets it judges malicious before they reach the protected systems. The trade-off against an IDS is that a false positive now blocks legitimate traffic, so IPS signatures need careful tuning.
Term 143
IPsec is a suite of protocols that secures Internet Protocol (IP) communications at the network layer. The Authentication Header (AH) provides integrity and origin authentication for each packet, the Encapsulating Security Payload (ESP) provides confidentiality through encryption and optionally integrity, and IKE negotiates the keys and security associations. It runs in transport mode (only the payload is protected) or tunnel mode (the whole original packet is encapsulated, as in site-to-site VPNs).
Term 144
ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Term 145
Job rotation is a security governance practice where employees periodically switch roles or responsibilities to reduce risk, prevent fraud, and ensure organizational resilience.
Term 146
Just-enough access is an identity and access management principle that grants users only the minimum permissions required to perform their specific job tasks, reducing security risks.
Term 147
Just-in-time access is a security method that grants users elevated permissions only for a limited time exactly when they need them, then automatically removes those permissions.
Term 148
Kerberos is a network authentication protocol in which a trusted Key Distribution Center (KDC) issues time-limited tickets protected with symmetric-key cryptography, so that users and services can authenticate each other without sending passwords over the network. Because the KDC shares a secret key with every principal, Kerberos provides mutual authentication but not non-repudiation; that property requires digital signatures.
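To make the ticket flow under Term 148 concrete, here is an added example (written for this glossary, not code from MIT Kerberos or any KDC product) that walks a client through the AS, TGS and AP exchanges against a KDC holding every principal's long-term key. The principal names, passwords and lifetimes are constructed, and the `seal`/`unseal` pair is a toy HMAC-SHA256 stream cipher standing in for the real AES-CTS-HMAC encryption types only so the script needs nothing beyond the standard library. The last function shows why the protocol cannot offer non-repudiation: anyone holding the KDC key database can mint a ticket the service accepts, with no action by the client.

```python
"""Toy Kerberos-style ticket exchange.

Added example, not code from the glossary, MIT Kerberos or any KDC product.
Parties: client 'alice', a KDC that holds every principal's long-term key,
and service 'fileserver'. seal/unseal is a toy HMAC-SHA256 stream cipher
with a MAC tag, standing in for the AES-CTS-HMAC encryption types of
RFC 3962 purely to keep the script stdlib-only; do not reuse it.
"""
import hashlib
import hmac
import json
import secrets
import time

LIFETIME = 600          # ticket lifetime in seconds (real tickets: hours)
SKEW = 300              # allowed clock skew for authenticators, as in MIT krb5


def string_to_key(password):
    """Toy string-to-key; Kerberos uses salted PBKDF2 (RFC 3962)."""
    return hashlib.sha256(password.encode()).digest()


def _keystream(key, nonce, n):
    out = b""
    for ctr in range(0, n, 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a 32-byte key (toy cipher)."""
    data = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag, then decrypt; ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


# The KDC database: one long-term key per principal (constructed passwords).
KDC_KEYS = {
    "alice": string_to_key("alice-pw"),
    "krbtgt": string_to_key("tgs-pw"),       # the TGS's own key protects TGTs
    "fileserver": string_to_key("svc-pw"),
}


def _check_authenticator(session_key, authenticator, expected_client):
    auth = unseal(session_key, authenticator)
    if auth["client"] != expected_client or abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("authenticator does not match ticket")


def kdc_as_exchange(client):
    """AS-REQ/AS-REP: a TGT plus a session key, sealed under the client's key."""
    s_tgs = secrets.token_bytes(32)
    tgt = seal(KDC_KEYS["krbtgt"], {"client": client, "key": s_tgs.hex(),
                                     "exp": time.time() + LIFETIME})
    return seal(KDC_KEYS[client], {"key": s_tgs.hex(), "tgt": tgt.hex()})


def kdc_tgs_exchange(tgt, authenticator, service):
    """TGS-REQ/TGS-REP: validate TGT + authenticator, issue a service ticket."""
    t = unseal(KDC_KEYS["krbtgt"], tgt)
    if t["exp"] < time.time():
        raise ValueError("TGT expired")
    s_tgs = bytes.fromhex(t["key"])
    _check_authenticator(s_tgs, authenticator, t["client"])
    s_svc = secrets.token_bytes(32)
    ticket = seal(KDC_KEYS[service], {"client": t["client"], "key": s_svc.hex(),
                                       "exp": time.time() + LIFETIME})
    return seal(s_tgs, {"key": s_svc.hex(), "ticket": ticket.hex()})


def service_ap_exchange(service, ticket, authenticator):
    """AP-REQ at the service: it needs only its own key, never the client's."""
    t = unseal(KDC_KEYS[service], ticket)    # the service's copy of its key
    if t["exp"] < time.time():
        raise ValueError("service ticket expired")
    _check_authenticator(bytes.fromhex(t["key"]), authenticator, t["client"])
    return t["client"]


def client_login(client, password, service):
    """Client side of AS, TGS and AP; returns the name the service accepted."""
    key = string_to_key(password)            # wrong password: AS-REP unreadable
    rep = unseal(key, kdc_as_exchange(client))
    s_tgs, tgt = bytes.fromhex(rep["key"]), bytes.fromhex(rep["tgt"])
    auth = seal(s_tgs, {"client": client, "ts": time.time()})
    rep = unseal(s_tgs, kdc_tgs_exchange(tgt, auth, service))
    s_svc, ticket = bytes.fromhex(rep["key"]), bytes.fromhex(rep["ticket"])
    auth = seal(s_svc, {"client": client, "ts": time.time()})
    return service_ap_exchange(service, ticket, auth)


def kdc_impersonates(client, service):
    """Whoever holds the KDC database can mint a valid ticket for any principal
    without that principal's involvement: authentication, not non-repudiation."""
    s_svc = secrets.token_bytes(32)
    ticket = seal(KDC_KEYS[service], {"client": client, "key": s_svc.hex(),
                                       "exp": time.time() + LIFETIME})
    auth = seal(s_svc, {"client": client, "ts": time.time()})
    return service_ap_exchange(service, ticket, auth)


if __name__ == "__main__":
    print("service accepted:", client_login("alice", "alice-pw", "fileserver"))
    print("forged by KDC key holder:", kdc_impersonates("alice", "fileserver"))
```

Two properties worth noticing: the password never leaves the client (a wrong password simply makes the AS-REP unreadable, which is the failure an attacker hits when guessing offline against a captured reply), and the service verifies the client with nothing but its own key, which is what lets a single KDC vouch for thousands of services.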
Term 149
A key management service (KMS) is a managed cloud service that generates, stores, rotates, and controls access to cryptographic keys. "KMS encryption" usually means envelope encryption: data is encrypted with a data key, and that data key is wrapped by a master key that never leaves the service's hardware security modules, so access to the master key is governed by IAM policy and logged.
Term 150
Kubernetes role-based access control (RBAC) is the authorization mode that decides which subjects (users, groups, or service accounts) may perform which verbs (get, list, create, delete, and so on) on which API resources. Permissions are defined in Roles (namespace-scoped) or ClusterRoles and granted through RoleBindings or ClusterRoleBindings. Rules are purely additive; there is no deny rule, so a wildcard verb or resource, once bound, is hard to take back.