Glossary
Browse the IADC Lexicon alphabetically or by category. Get comprehensive definitions of drilling industry terms.
Key
Definition(s)
Key
The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIT Asset
Definition(s)
IT Asset
A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value. Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned. Adapted from: DHS Risk Lexicon. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInvestigation
Definition(s)
Investigation
A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence. Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering. Adapted from: ISSG V1.2 Database; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress; From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInvestigate
Definition(s)
Investigate
A NICE Workforce Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntrusion
Definition(s)
Intrusion
An unauthorized act of bypassing the security mechanisms of a network or information system. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntrusion
Unauthorized act of compromising a system (See “attack”). Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardInteroperability
Definition(s)
Interoperability
The ability of two or more systems or components to exchange information and to use the information that has been exchanged. Adapted from: IEEE Standard Computer Dictionary. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntent
Definition(s)
Intent
A state of mind or desire to achieve an objective.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsIntent
A course of action that a threat intends to follow.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsIntent
A state of mind or desire to achieve an objective. Sample Usage: The content of domestic extremist websites may demonstrate an intent to conduct acts of terrorism. Annotation:- Adversary intent is the desire or design to conduct a type of attack or to attack a type of target.
- Adversary intent is one of two elements, along with adversary capability, that is commonly considered when estimating the likelihood of terrorist attacks and often refers to the likelihood that an adversary will execute a chosen course of action or attempt a particular type of attack.
Intent
A state of mind or desire to achieve an objective. Adapted from: DHS Risk Lexicon. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntegrated Risk Management
Definition(s)
Integrated Risk Management
Structured approach that enables the distribution and employment of shared risk information and analysis and the synchronization of independent yet complementary risk management strategies to unify efforts across the enterprise Sample Usage: DHS uses an integrated risk management framework to promote a unified approach to managing all homeland security risks. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceIntegrated Risk Management
The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise. Adapted from: DHS Risk Lexicon. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInside(r) Threat
Definition(s)
Inside(r) Threat
A person or group of persons within an organization who pose a potential risk through violating security policies. Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm. Related Term(s): outside( r) threat Adapted from: CNSSI 4009; From: NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation Technology
Definition(s)
Information Technology
Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information. Adapted from: CNSSI 4009, NIST SP 800-53 rev. 4, based on 40 U.S.C. sec. 1401. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation Systems Security Operations
Definition(s)
Information Systems Security Operations
In the NICE Workforce Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer). From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation System Resilience
Definition(s)
Information System Resilience
The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner. Adapted from: NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation Sharing
Definition(s)
Information Sharing
An exchange of data, information, and/or knowledge to manage risks or respond to incidents. Adapted from: NCSD glossary. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation Security Policy
Definition(s)
Information Security Policy
An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information. From: CNSSI 4009; NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation Assurance Compliance
Definition(s)
Information Assurance Compliance
In the NICE Workforce Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation Assurance
Definition(s)
Information Assurance
The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality. Adapted from: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsInformation and Communication(s) Technology
Definition(s)
Information and Communication(s) Technology
Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information. Adapted from: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIndustrial Control System
Definition(s)
Industrial Control System
An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets. Adapted from: NIST SP 800-53 Rev 4, NIST SP 800-82. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIncident Response
Definition(s)
Incident Response
The activities that address the short-term, direct effects of an incident and may also support short-term recovery. Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities. From: Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIncident Management
Definition(s)
Incident Management
The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. Adapted from: NCSD Glossary, ISSG NCPS Target Architecture Glossary. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsICT Supply Chain Threat
Definition(s)
ICT Supply Chain Threat
A man-made threat achieved through exploitation of the information and communications technology (ICT) systems supply chain, including acquisition processes. From: DHS SCRM PMO. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsHashing
Definition(s)
Hashing
A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data. Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value. Adapted from: CNSSI 4009, FIPS 201-2. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsHash Value
Definition(s)
Hash Value
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntrusion Detection
Definition(s)
Intrusion Detection
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred. Adapted from: CNSSI 4009, ISO/IEC 27039 (draft). Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntrusion Detection
Security service that monitors and analyzes system events for the purpose of finding, and providing realtime or near real-time warning of, attempts to access system resources in an unauthorized manner
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardIncident Response Plan
Definition(s)
Incident Response Plan
A set of predetermined and documented procedures to detect and respond to a cyber incident. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsFirewall
Definition(s)
Firewall
Inter-network connection device that restricts data communication traffic between two connected networks. Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global StandardsFirewall
A capability to limit network traffic between networks and/or information systems. Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsFirewall
Inter-network connection device that restricts data communication traffic between two connected networks [11].- NOTE: A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance) that forwards or rejects/drops packets on a network. Typically firewalls are used to define zone borders. Firewalls generally have rules restricting which ports are open.