Ransomware Glossary (I)

This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor. Browse all letters of the glossary or get the book.

IAB (Initial Access Broker) – Cybercriminals who specialize in gaining initial access to networks and selling that access to ransomware operators.

IaaS (Infrastructure as a Service) – Cloud computing service providing virtualized computing resources over the internet.

IC3 (Internet Crime Complaint Center) – FBI’s online reporting system for cybercrime incidents (IC3.gov).

IDA Pro – Industry-standard commercial reverse engineering tool for advanced malware analysis.

Identity and Access Management (IAM) – Systems and processes for managing user identities and controlling access to resources.

IDS (Intrusion Detection System) – Security tool that monitors network traffic for suspicious activity and generates alerts.

Image-level Backup – Backup method that captures entire volumes or disks at the block level, rather than individual files.

Immutable Backups/Storage – Backup copies that cannot be altered or deleted until a specified retention period expires, protecting against ransomware.

Immutable Flag (Linux) – A file attribute in Linux that prevents modification or deletion of a file, though root users can remove the flag.

In-memory Execution – Malware technique that runs code directly in system memory without writing files to disk.

Incident Response Plan (IRP) – A documented strategy defining how an organization will detect, respond to, and recover from security incidents.

Incident Response Team (IRT) – Cross-functional team responsible for managing security incident response, including technical staff, legal, communications, and executives.

Incremental Backup – A backup that captures only data that has changed since the previous backup (full or incremental).

Indicators of Compromise (IOCs) – Forensic artifacts or evidence of malicious activity, such as file hashes, IP addresses, or domain names.

Information Security Policy – Comprehensive policy defining an organization’s security objectives, controls, and requirements.

Infrastructure as Code – Managing and provisioning computing infrastructure through machine-readable definition files rather than manual processes.

Initial Access Brokers (IABs) – Cybercriminals who specialize in gaining access to systems and selling that access to other attackers.

Intrusion Detection System (IDS) – Security system that monitors network traffic and system activities for malicious behavior or policy violations.

Intrusion Prevention System (IPS) – Security system that not only detects but also actively blocks malicious network traffic and activities.

IoT (Internet of Things) – Connected devices like thermometers, cameras, or sensors that often lack security controls and provide ransomware entry points.

IR Plan (Incident Response Plan) – Documented procedures, roles, and decision frameworks for responding to cybersecurity incidents.

IRP (Incident Response Plan) – A documented strategy defining how an organization will detect, respond to, and recover from security incidents.

IRT (Incident Response Team) – Cross-functional team responsible for managing security incident response, including technical staff, legal, communications, and executives.

ISACs (Information Sharing and Analysis Centers) – Industry-specific organizations that facilitate sharing of cybersecurity threat intelligence.

IT Asset Policy – Policy defining how an organization manages technology resources throughout their lifecycle.

Item-level Backup – Backup method that captures individual files or database records rather than entire volumes.
