Glossary I

IaaS provides virtualized computing resources — virtual machines, storage, and networking — over the internet, with the cloud provider managing the physical hardware. AWS EC2, Azure VMs, and GCP Compute Engine are IaaS offerings. IaaS gives maximum control but requires managing OS patching, runtime configuration, and scaling logic. Most organizations use a mix of IaaS, PaaS, and SaaS services.

IaC is the practice of managing and provisioning infrastructure through machine-readable configuration files rather than manual processes. Tools like Terraform, Pulumi, and CloudFormation enable teams to version-control infrastructure, review changes in pull requests, and reproduce environments deterministically. IaC is a cornerstone of DevOps and GitOps practices.

IAM is the framework of policies, processes, and technologies that manages digital identities and controls access to resources. It encompasses user authentication, authorization, role assignment, and access auditing. Modern IAM systems integrate with SSO providers, enforce MFA, and support fine-grained RBAC policies.

AWS IAM Access Analyzer uses automated reasoning to analyze resource-based policies and identify resources shared with external principals (outside the account or AWS organization), generating findings for unintended access. It can validate IAM policies against security best practices before deployment, check policies for syntax errors, and generate least-privilege policies based on CloudTrail access activity. Access Analyzer is a key tool for detecting and preventing unintended public access to S3 buckets, KMS keys, and other resources.

Cloud IAM roles are collections of permissions that can be assigned to cloud identities (users, groups, service accounts, or workloads) to control what actions they may perform on cloud resources. Unlike long-lived credentials, role-based access in cloud environments uses temporary credentials assumed via role assumption, eliminating static secret management. Least-privilege role design — granting only the specific permissions needed — is the primary defense against privilege escalation in cloud environments.

IAST instruments running applications with agents that monitor security issues from within during normal operation or testing. Unlike SAST (which reads code) or DAST (which attacks from outside), IAST observes actual execution paths to detect vulnerabilities with high accuracy and low false-positive rates. It requires no source code access and works well in CI/CD pipelines.

An IDE is a software application that provides comprehensive tools for software development in a single interface — typically a code editor, debugger, build automation, and version control integration. Modern IDEs like VS Code, IntelliJ, and Cursor add AI-powered code completion, real-time error detection, and extension ecosystems.

An IdP is a system that creates, maintains, and manages digital identities and provides authentication services to relying applications. Enterprise IdPs like Okta, Microsoft Entra ID, and Ping Identity serve as the authoritative source for user identity, handling authentication flows via SAML, OIDC, and SCIM. The IdP model centralizes authentication rather than delegating it to individual applications.

An IDS monitors network traffic or host activity for malicious patterns and generates alerts when suspicious activity is detected. Network IDS (NIDS) analyzes packets on the wire; host IDS (HIDS) monitors system logs, file changes, and process activity on individual machines. Unlike IPS, an IDS only detects and alerts — it does not actively block traffic.

Image scanning analyzes container images for known vulnerabilities in OS packages and application dependencies before or during deployment. Scanners like Trivy, Grype, and Snyk compare image contents against vulnerability databases and can block deployment of images that exceed a configurable severity threshold. Integrating scanning into CI/CD prevents vulnerable images from reaching production.

Image signing cryptographically attests that a container image was produced by a trusted source and has not been tampered with since it was signed. Signed images create a verifiable chain of custody from build pipeline to production deployment. Admission controllers can enforce that only signed images from approved signers are deployed to Kubernetes clusters.

Immutable infrastructure is an approach where infrastructure components are never modified after deployment; instead, changes are made by replacing instances with new ones built from updated configurations. From a security perspective, immutability ensures that drift from a known-good state cannot occur, eliminates persistent foothold opportunities for attackers, and guarantees consistency between environments. Container-based and serverless architectures are inherently immutable by design.

In-context learning (ICL) is the ability of large language models to adapt their behavior based on examples or instructions provided within the prompt, without gradient updates to model weights. The model implicitly "learns" from the examples at inference time. ICL is the mechanism behind few-shot, one-shot, and zero-shot prompting and is an emergent property of large-scale pre-training.

Incident management is the structured process of detecting, responding to, and resolving service disruptions. It encompasses alerting, on-call escalation, communication (status page updates), incident command, and post-incident review. Mature incident management practices reduce MTTR, minimize customer impact, and generate learning that prevents future incidents.

Cloud incident response is the process of detecting, containing, investigating, and recovering from security incidents in cloud environments. It leverages cloud-specific capabilities including rapid instance isolation (security group modification), forensic snapshot creation, CloudTrail-based investigation, and automated remediation via Lambda or runbooks. Cloud incident response plans must account for ephemeral resources that may disappear before investigation, making continuous logging and automated artifact preservation critical.

Inference is the process of running a trained model to generate predictions or text from new inputs. Unlike training, inference does not update model weights. LLM inference is computationally intensive due to the quadratic attention complexity and sequential token generation, driving demand for optimized inference engines, quantization, and hardware accelerators.

Infrastructure entitlement management focuses on analyzing and enforcing least privilege access across cloud infrastructure by mapping effective permissions (combining all applicable policies) to identify overly permissive access. CIEM (Cloud Infrastructure Entitlement Management) tools visualize permission graphs across multi-cloud environments, detect unused permissions, and recommend right-sizing of IAM policies. Entitlement management addresses the gap between granted permissions and permissions actually needed.

Infrastructure testing applies software testing principles to infrastructure code — validating that Terraform modules, CloudFormation templates, and Kubernetes manifests behave correctly before being applied to production. Tests verify resource creation, configuration correctness, security controls, and idempotency. Infrastructure testing reduces the blast radius of IaC changes.

In networking, ingress refers to traffic entering a system or cloud environment. Cloud providers typically do not charge for ingress bandwidth — data flowing into their networks — making ingress costs essentially free. In Kubernetes, 'Ingress' specifically refers to the API object that manages external HTTP/HTTPS access to cluster services, typically implemented by an ingress controller like NGINX or AWS ALB.

Injection attacks occur when untrusted data is sent to an interpreter as part of a command or query, allowing attackers to manipulate execution. SQL injection, OS command injection, LDAP injection, and template injection are all variants. The OWASP Top 10 has consistently ranked injection as one of the most critical web application security risks, preventable through parameterized queries and input validation.

Input validation ensures that data supplied by users or external systems conforms to expected types, formats, lengths, and ranges before processing. It is the first line of defense against injection attacks, buffer overflows, and business logic exploits. Validation should be performed server-side (never trusting client-side only), using allowlists that define acceptable input rather than denylists of known bad input.

Insecure deserialization occurs when applications deserialize data from untrusted sources without validation, allowing attackers to manipulate serialized objects to achieve remote code execution, privilege escalation, or denial of service. The vulnerability is particularly dangerous in Java, Python, and PHP applications that use object serialization for session management or inter-service communication. Mitigations include integrity checks, type allowlisting, and avoiding native serialization of untrusted data.

InSpec is an open-source compliance testing framework from Chef that allows engineers to describe security and compliance requirements as code. InSpec profiles test infrastructure configuration against CIS benchmarks, PCI DSS, HIPAA, and custom controls. It integrates into CI/CD pipelines to enforce compliance continuously rather than through periodic manual audits.

Instruction tuning fine-tunes a pre-trained language model on a dataset of instruction-response pairs, teaching it to follow diverse natural language directives. Models like InstructGPT, Llama-3-Instruct, and Mistral-Instruct are produced through instruction tuning. This technique dramatically improves zero-shot task performance and the model's ability to act as a helpful assistant.

Insufficient logging and monitoring refers to the failure to capture, retain, and alert on security-relevant events, allowing attackers to operate undetected. Critical events like failed logins, access control violations, and input validation failures should be logged with sufficient context for forensic analysis. Without adequate logging, organizations lack the visibility needed to detect breaches, investigate incidents, and meet compliance audit requirements.

INT4 quantization represents model weights using 4-bit integers instead of 16- or 32-bit floats, reducing model size by 4–8x and significantly increasing inference speed on compatible hardware. INT4 models introduce quantization error that can degrade accuracy on complex reasoning tasks, but modern methods like GPTQ and AWQ minimize this degradation. INT4 is used to run 70B+ parameter models on single consumer GPUs.

INT8 quantization stores model weights and/or activations in 8-bit integers, halving memory usage compared to FP16 with minimal accuracy loss. It is supported by NVIDIA's TensorRT, bitsandbytes, and ONNX Runtime for efficient inference. INT8 is often considered the safe default quantization level for production deployments where some accuracy tradeoff is acceptable.

An internet gateway is a horizontally scaled, redundant VPC component that enables communication between resources in a VPC and the public internet. It performs network address translation (NAT) for instances with public IP addresses. Attaching an internet gateway to a VPC and adding a route table entry (0.0.0.0/0 → igw) is required for public subnets to receive inbound internet traffic.

IOAs are behavioral patterns that indicate an attack in progress, rather than evidence of a past compromise. Unlike IOCs (which look for known-bad artifacts), IOAs detect suspicious sequences of actions — like a process spawning a shell, then enumerating users, then connecting to an external IP — regardless of the specific tools used. IOA-based detection is more effective against novel malware and living-off-the-land attacks.

IOCs are artifacts found in network or host forensics that indicate a system has been compromised — including malicious IP addresses, domain names, file hashes, registry keys, and URL patterns. Security teams share IOCs through threat intelligence platforms to enable rapid detection across organizations. IOCs are reactive by nature; by the time they're known, an attack has already occurred.

IOPS measures the number of read and write operations a storage device or service can perform per second. Databases and transactional workloads are IOPS-sensitive — insufficient IOPS causes queue depth buildup and latency spikes. Cloud storage services offer IOPS tiers (AWS EBS gp3 provides 3,000 IOPS baseline) and allow provisioning higher IOPS for demanding workloads.

An IPS sits inline with network traffic and actively blocks connections that match attack signatures or behavioral anomalies, extending IDS capabilities with automated enforcement. Modern IPS is often integrated into NGFWs or delivered as a cloud service. False positive rates are a key concern — overly aggressive blocking can disrupt legitimate business traffic.

IRSA is an AWS mechanism that associates Kubernetes service accounts with AWS IAM roles, allowing pods to assume IAM roles without long-lived AWS credentials. It uses OIDC federation between EKS and AWS IAM, minting short-lived AWS credentials scoped to the IAM role permissions. IRSA eliminates the need to store AWS access keys in Kubernetes secrets or environment variables, significantly reducing the risk of credential exposure.

ISO 27001 is the international standard for information security management systems (ISMS), defining requirements for establishing, implementing, maintaining, and continually improving information security. Certification requires a formal risk assessment, implementation of a set of controls from Annex A, and an audit by an accredited certification body. It's the most widely recognized security certification outside the U.S. government space.

ISR allows static pages to be regenerated in the background on a schedule or on demand, without rebuilding the entire site. After the first request following a revalidation interval, Next.js serves the stale page while regenerating a fresh one. ISR combines SSG's performance benefits with the ability to keep content current, making it suitable for large sites with frequently changing content.

Istio is an open-source service mesh that provides traffic management, mutual TLS, observability, and policy enforcement for Kubernetes microservices without application code changes. It uses Envoy sidecar proxies injected into each pod to intercept all inbound and outbound traffic. Istio's control plane (Istiod) distributes configuration, certificates, and telemetry aggregation across the mesh.

ITAR is a set of U.S. government regulations controlling the export and import of defense-related articles, services, and technical data listed on the U.S. Munitions List. Software companies must implement strict access controls to prevent non-U.S. persons from accessing ITAR-controlled data, including through cloud infrastructure with non-U.S. data centers or personnel. Violations carry severe civil and criminal penalties.