Glossary
Welcome to the Glossary! Whether you're already familiar with some of these terms or you're just becoming acquainted, our top-level glossary is a great resource for learning all of the relevant goods.
IBM i
IBM operating system (also known as iSeries, AS/400). For more details on IBM i terms visit the IBM online glossary.
identity and access management (IAM)
The policies, programs, and technologies that reduce identity-related access risks within a business by managing digital identities and user access to data, systems, and resources.
incident response plan (IRP)
An Incident Response Plan is a written document, formally approved by the senior leadership team, that helps your organization before, during, and after a confirmed or suspected security incident.
indicators of compromise (IOC)
Pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network.
information rights management (IRM)
Information rights management is a subset of digital rights management technologies that protect sensitive information from unauthorized access. It is sometimes referred to as E-DRM or enterprise digital rights.
infrastructure as a service (IaaS)
A form of cloud computing that provides virtual computing resources such as storage, networking, and other capabilities over the internet.
infrastructure protection (IP)
Infrastructure protection pertains to the security of critical business application infrastructure and protecting technology, systems, and business assets. Infrastructure protection (IP) is also used internally in Fortra to define the IT Infrastructure Protection business unit encompassing Fortra's Core Security, Cobalt Strike, Digital Defense, Beyond Security, and Outflank product lines.
internal penetration testing (IPT)
An internal network pen test is performed to help gauge what an attacker could achieve with initial access to a network. An internal network pen test can mirror insider threats, such as employees intentionally or unintentionally performing malicious actions.
International Traffic in Arms Regulations (ITAR)
The U.S. regulation that requires companies that manufacture, sell, or distribute defense articles or services to comply with the regulations as defined in the United States Munitions List (USML). The goal is to restrict and control the export of military technologies.
internet of things (IoT)
The network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.
intrusion detection and prevention
Intrusion detection and prevention are two broad terms describing application security practices used to mitigate attacks and block new threats. The first is a reactive measure that identifies and mitigates ongoing attacks using an intrusion detection system.
intrusion detection system (IDS)
An IDS, also known as an intrusion detection system, is software or a physical device that monitors activity to detect any signs of unauthorized access. When it detects a potential intrusion, it alerts a central security system that keeps track of security events and information.
intrusion prevention system (IPS)
Intrusion prevention systems are network security solutions that examine a network for illegitimate access. If an intrusion prevention system discovers a possible intrusion, it prevents the intruder from moving further into the network or removes them completely. Intrusion prevention systems can come in the form of physical devices or software applications. They are also referred to as IPS.
JavaScript object notation (JSON)
A text-based, human-readable data interchange format used for representing simple data structures and objects in browser-based code.
Look-alike Domain
A spoofed domain intended to fool users into thinking it’s the legitimate domain. The domain can look like the real domain but may have subtle differences, for example “0” versus “o.”
machine learning (ML)
The process by which a computer improves its own performance by continuously incorporating new data into an existing statistical model.
malware
A broad term that covers every type of software created to disable or damage computer systems. Viruses, worms, spyware, and ransomware are all forms of malware.
managed detection and response (MDR)
A service that provides remotely delivered modern security operations center capabilities focused on quickly detecting, investigating, and actively mitigating incidents. Fortra’s Alert Logic product line delivers managed detection and response solutions.
managed file transfer (MFT)
Software that encompasses all aspects of inbound and outbound file transfers while using industry-standard network protocols and encryption. Fortra’s GoAnywhere, Globalscape, and FileCatalyst product lines deliver MFT solutions.
managed file transfer as a service (MFTaaS)
A hosted managed file transfer solution using the vendor’s infrastructure.
managed security service (MSS)
Outsourced network security services.
managed security service provider (MSSP)
A vendor that provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.
managed service provider (MSP)
A vendor that delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center.
multifactor authentication (MFA)
Electronic authentication method in which a user is granted access to a website or application only after presenting two or more pieces of identity authentication.
National Institute of Standards and Technology (NIST)
A physical sciences laboratory, and a nonregulatory agency of the U.S. Department of Commerce. The NIST promotes U.S. innovation and industrial competitiveness in the fields of technology, engineering, IT, and more.
North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP)
NERC Critical Infrastructure Protection (NERC-CIP) is a set of requirements designed to secure the assets required for operating North America's bulk electric system.
offensive security
Offensive security involves proactively testing an organization's defenses by simulating real-world attacks, such as through penetration testing, in order to identify and fix exploitable vulnerabilities.
Online Impersonation
A purposeful spoof of a brand, executive, or employee with intent to sway opinion or fool victims into performing an action.
Open PGP
A popular encryption standard that protects the privacy and integrity of sensitive files. Open PGP is an open-source offshoot of PGP that uses PGP as its foundation.
open source
Software that comes with permission to use, copy, and distribute, either as-is or with modifications, and that may be offered either free or with a charge.
Open Web
Open Worldwide Application Security Project (OWASP)
The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. The OWASP provides free and open resources.
Paste Site
A website, used most often by multiple code developers, designed to allow the uploading and sharing of files, scripts, and code snippets.
Payment Card Industry Data Security Standard (PCI DSS, PCI)
The comprehensive set of requirements designed to ensure that any company that processes, stores, or transmits credit card information does so by maintaining a secure environment. The requirements were established to help prevent payment data breaches and payment card fraud.
PCI Security Standards Council (PCI SSC)
PCI Security Standards Council (PCI SSC), made up of major payment companies, including Visa, MasterCard, American Express, Discover, and JCB, administers and manages the PCI DSS standard. However, enforcing the compliance of PCI DSS is the responsibility of the individual payment brands.
penetration testing
Also called pen testing. An attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. Fortra’s Core Security Core Impact, Cobalt Strike, and IBM i product lines deliver pen testing solutions.