Reading CISSP Practice in full

In-band management

In in-band management, a secure shell (SSH) session is established with the connectivity device (e.g., routers and switches) in a distributed local-area network (LAN).

Incident

(1) An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

Incident handling

The mitigation of violations of security policies and recommended practices.

Incident indications

A sign that an incident (e.g., malware) may have occurred or may be currently occurring.

Incident precursors

(1) A sign that a malware attack may occur in the future. (2) A sign that an attacker may be preparing to cause an incident.

Incident response plan

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attack against an organization’s IT system(s).

Incident-response team

A multidisciplined team consisting of technical, legal, audit, and public affairs specialists to address adverse events.

Incineration

A physically destructive method of sanitizing media; the act of burning completely to ashes.

Incomplete parameter checking

A system design fault that exists when not all parameters have been fully checked for accuracy and consistency by the operating system, thus making the system vulnerable to penetration.

Incorrect file and directory permissions

File and directory permissions control the access users and processes have to files and directories. Appropriate permissions are critical to the security of any system. Poor permissions could allow any number of attacks, including the reading or writing of password files or the addition of hosts to the list of trusted remote hosts.

Inculpatory evidence

Evidence that tends to increase the likelihood of fault or guilt.

Independent validation and verification

Review, analysis, and testing conducted by an independent party throughout the life cycle of software development to ensure that the new software meets user or contract requirements.

Indication

A sign that an incident (e.g., malware) may have occurred or may be currently occurring.

Individual accountability

The ability to positively associate the identity of a user with the time, method, and degree of system access.

Inference

Derivation of new information from known information. The inference problem refers to the fact that the derived information may be classified at a level for which the user is not cleared. Users may deduce unauthorized information from the legitimate information they acquire. Inference is a problem that derives primarily from poor database design.

Inference attacks

An inference attack occurs when a user or intruder is able to deduce information to which he has no privilege from information to which he has privilege. It is a part of traffic analysis attacks.

Information architecture

The technologies, interfaces, and geographical locations of functions involved with an organization’s information activities.

Information assurance

Measures that protect and defend data/information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

Information density

The total amount and quality of information available to all market participants, consumers, and merchants.

Information economics

Deals with the principle that the costs to obtain information should be equal to or less than the benefits to be derived from the information.

Information engineering

An approach to planning, analyzing, designing, and developing an information system with an enterprise-wide perspective and an emphasis on data and architectures.

Information flow

The sequence, timing, and direction of how information proceeds through an organization.

Information flow control

Access control based on restricting the information flow into an object (e.g., the Bell-LaPadula model).

Information owner

An official with responsibility for establishing controls for information generation, collection, processing, dissemination, and disposal.

Information portal
