Term 151
Identity and access management
Identity and access management (IAM) is the security discipline that ensures the right individuals access the right resources at the right times for the right reasons.
Acronym study
Terms 151–180 of 352 MD-102 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 151
Identity and access management (IAM) is the security discipline that ensures the right individuals access the right resources at the right times for the right reasons.
Term 152
A security model where trust is determined by user identity and context rather than the network location, treating identity itself as the primary boundary for access control.
Term 153
A unique 15-digit code that identifies a mobile device on a cellular network, like a serial number for phones and tablets.
Term 154
An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.
Term 155
Incident classification is the process of categorizing security incidents based on type, severity, and impact to ensure appropriate response and resource allocation.
Term 156
Incident documentation is the practice of recording every detail of a cybersecurity or IT incident, from detection to resolution, to ensure accurate analysis, legal compliance, and process improvement.
Term 157
Incident management is the process of identifying, logging, prioritizing, and resolving IT service disruptions to restore normal operations as quickly as possible with minimal business impact.
Term 158
Incident response is the structured approach an organization uses to identify, contain, and recover from cybersecurity incidents like data breaches or ransomware attacks.
Term 159
The Incident response lifecycle is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents while learning from each event to improve future defenses.
Term 160
Incident severity is a classification used in IT incident management to describe the level of impact and urgency of an event, guiding response priority.
Term 161
Information barriers are policies and technical controls that prevent the unauthorized flow of sensitive information between different parts of an organization to avoid conflicts of interest and ensure compliance.
Term 162
Information protection refers to the policies, procedures, and technologies used to safeguard data from unauthorized access, disclosure, alteration, or destruction.
Term 163
Information security management is the systematic process of developing, implementing, monitoring, and improving policies, procedures, and controls to protect an organization's information assets from threats and ensure confidentiality, integrity, and availability.
Term 164
Inherent risk is the level of risk that exists in a process or system before any security controls or mitigations are applied.
Term 165
Insider Risk Management is the practice of identifying, assessing, and mitigating threats that originate from within an organization, such as employees, contractors, or partners who have legitimate access to systems and data.
Term 166
An inspector is a tool or role that checks systems, configurations, or data against a set of rules to ensure they are secure and compliant.
Term 167
Microsoft Intune is a cloud-based service that helps organizations manage their users' devices and applications, ensuring security and compliance without needing to own or control the physical hardware.
Term 168
An inverter is a circuit in a mobile device's display assembly that converts DC power into AC power to light the backlight, typically in older LCD screens.
Term 169
Just-enough access is an identity and access management principle that grants users only the minimum permissions required to perform their specific job tasks, reducing security risks.
Term 170
Just-in-time access is a security method that grants users elevated permissions only for a limited time exactly when they need them, then automatically removes those permissions.
Term 171
KMS (Key Management Service) is a Microsoft technology that automates volume licensing activation for Windows and Office products within an organization's network.
Term 172
KMS encryption is a managed service that creates, stores, and controls cryptographic keys used to encrypt data in the cloud.
Term 173
Kubernetes RBAC is a security mechanism that controls who can access and perform actions on resources in a Kubernetes cluster based on their role.
Term 174
Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.
Term 175
LAPS (Local Administrator Password Solution) is a Windows feature that automatically manages and rotates local administrator account passwords on domain-joined computers to prevent credential reuse and lateral movement in attacks.
Term 176
A portable personal computer that integrates a display, keyboard, touchpad, battery, and internal components into a single clamshell device for mobile computing.
Term 177
A rechargeable power source that provides electrical energy to a laptop computer when it is not connected to an AC power outlet.
Term 178
An LCD display is a flat-panel screen that uses liquid crystals sandwiched between polarized glass layers to create images when electric current passes through them.
Term 179
An LED display is a flat-panel screen that uses an array of light-emitting diodes as pixels for image generation, commonly used in mobile devices, monitors, and televisions.
Term 180
A line-of-business app is a software application that is essential for running a specific core business process, such as accounting, inventory management, or customer relationship management.