India's leading Information Risk Management (IRM) company
  About CII SecureSynergy: ISO27001 certified company          
 
GLOSSARY 'I'
 

ICA: An acronym for Citrix's Independent Computing Architecture, a three-part server-based computing technology that separates an application's logic from its user interface and allows 100% application execution on the server.

 

IDEA: International Data Encryption Algorithm. Symmetric algorithm, developed at ETH Zürich (Switzerland); works with a key length of 138 bit and is considered to be secure. Non-commercial use is free; for commercial use a license must be obtained.

 

IETF: Internet Engineering Task Force. Open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The actual technical work of the IETF is done in working groups, which are organized by topic into several areas (e.g., routing, transport, security, etc.). Much of the work is handled via mailing lists. The IETF holds meetings three times per year. Standards are expressed in the form of Requests for Comments (RFCs).

 

Incident: For the purpose of this document the term "incident" implies an incident related to computer security. "A computer security incident, [...], is any adverse event whereby some aspect of computer security could be threatened: loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability." The definition of an incident may vary for each organisation depending on many factors. At least the following categories and examples are generally applicable:
Compromise of integrity, such as when a virus infects a program or the discovery of a serious system vulnerability; Denial of service, such as when an attacker has disabled a system or a network worm has saturated network bandwidth; Misuse, such as when an intruder (or insider) makes unauthorized use of an account; Damage, such as when a virus destroys data; and Intrusions, such as when an intruder penetrates system security. Another definition, which relies on the definition of Threat, is given by [CERT 1993]: "an instance of any computer security threat".

 

Incident Handling: Whether a distinction is drawn between Incident Handling and Incident Response depends on the understanding of the author of a document. The main reason for making the distinction is that Incident Handling covers more than Incident Response.

 

Incident Response: Incident Response is viewed as part of Incident Handling. It covers all actions related to the first reaction to a new incident.

 

Information Systems Technology: The protection of information assets from accidental or intentional but unauthorized disclosure, modification, or destruction, or the inability to process that information.

 

Insider Attack: An attack originating from inside a protected network.

 

Integrity: That aspect of security that deals with the correctness of information or its processing. An attack on integrity would seek to erase a file that should not be erased, alter an element of a database improperly, corrupt the audit trail for a series of events, propagate a virus, etc.

 
Internet (The Beginning): The Internet had its roots in early 1969 when the ARPANET was formed. ARPA stands for Advanced Research Projects Agency (which was part of the U.S. Department of Defense). One of the goals of ARPANET was research in distributed computer systems for military purposes. The first configuration involved four computers and was designed to demonstrate the feasibility of building networks using computers dispersed over a wide area. The advent of OPEN networks in the late 1980s required a new model of communications. The amalgamation of many types of systems into mixed environments demanded better translators between these operating systems and a non-proprietary approach to networking in general. Telecommunications Protocol/Internet Protocol (TCP/IP) provided the best solution to this.
 

Internet (TOM): A web of different, intercommunicating networks funded by both commercial and government organizations. It connects networks in 40 countries. No one owns or runs the Internet. There are thousands of enterprise networks connected to the Internet, and there are millions of users, with thousands more joining every day.

 

Internet Protocol: This handles the address part of each data packet that is transmitted from one computer to another on the Internet. (A protocol is the set of rules computers use to talk to each other.) Each computer (or host) on the Internet has a unique address containing four numbers separated by periods (for example, 199.0.0.2). Each file you request (for example, someone's Web home page) is identified in part by a domain name that maps to the Internet address of its computer. The file you request is in turn sent to you at your associated Internet address by the IPs at either end of the exchange.

 

Intranet: Closed, non-public network that is contained e.g. within an enterprise.

 

IPSec: Internet Protocol Security. Protocol (based on the IP) to ensure authenticity, privacy, and integrity during data exchange.

 

Intrusion Detection: Detection of break-ins or break-in attempts, either manually or via software expert systems that operate on logs or other information available on the network.

 

IP Address: In the most widely installed level of the Internet Protocol (IP) today, an IP address is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP includes your IP address in the message (actually, in each of the packets if more than one is required) and sends it to the IP address that is obtained by looking up the domain name in the URL you requested or in the e-mail address you are sending a note to. At the other end, the recipient can see the IP address of the Web page requestor or the e-mail sender and can respond by sending another message using the IP address it received.

 

IP Sniffing: Stealing network addresses by reading the packets. Harmful data is then sent stamped with internal trusted addresses.

 

IP Splicing: An attack whereby an active, established session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.

 

IP Spoofing: An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

 

IRT: Incident Response Team. Similar to CSIRC and IHT this is another acronym for CERTs.

 

ISO: International Standards Organization sets standards for data communications.

 
ISSA: Information Systems Security Association.
 
 
All rights reserved :: Confederation of Indian Industry (CII) © Copyright 2004-2008