Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Version 2.0

Cybersecurity Style Guide

I

i18n

Internationalization. 18 represents the 18 letters removed from the middle of the word “internationalization.”

Related:

I2P

Invisible Internet Project. An anonymous communication network. Do not spell out.

IaaS

Infrastructure as a service. Spoken as the whole phrase. Spell out on first use.

IAM (n.)

Identity and access management. Spell out on first use. Capitalize the phrase when discussing AWS and GCP features that provide this service.

IANA

Internet Assigned Numbers Authority.

IANAL or IANL

“I am not a lawyer” or “I am no lawyer.” Informal.

IC, ICs (n.)

Short for integrated circuit or intelligence community. Sometimes refers to a specific group of 16 U.S. agencies. Spell out on first use to clarify your intended meaning.

ICE

Intrusion Countermeasures Electronics or Immigration and Customs Enforcement. Spell out on first use to clarify your intended meaning.

ICMP

Internet Control Message Protocol. Spell out on first use.

Related:

ICO

Initial coin offering. Spell out on first use.

IDE, IDEs (n.)

Integrated development environment. Also stands for Integrated Drive Electronics, an obsolete device connector type. Spell out on first use.

Ex: Eclipse, NetBeans, Visual Studio

Related:

idempotence (n.), idempotent (adj.)

An idempotent operation produces a result that is not affected by repetition.

Ex: HTTP GET request

IDOR, IDORs (n.)

Insecure direct object reference. Pronounced as “eye-door,” letters, or the whole phrase. Spell out on first use.

IdP, IdPs (n.)

Identity provider. Spell out on first use.

iDRAC

Integrated Dell Remote Access Control.

Related:

IDS, IDSes (n.)

Intrusion detection system. Spell out on first use. Avoid using the acronym in the plural if possible.

Related:

IE

Internet Explorer. Spell out on first use.

i.e.

Means “that is to say” in Latin. Always followed by a comma. e.g. means “for example.” Choose wisely.

Related:

IETF

Internet Engineering Task Force. An open internet standards organization.

Related:

iframe or iframe tag (n.)

Inline frame. IFrame and iFrame also appear in texts, but we prefer lowercase.

Related:

IFTTT

Short for If This Then That. A service where users can create conditional statement chains called recipes. Pronounced as “ift.”

IIoT (n.)

Industrial Internet of Things. Pronounced as “industrial IoT” or the whole phrase. Spell out on first use.

IIRC

“If I recall correctly.” Informal.

IIS, IIS 10.0, IIS Express

Microsoft Internet Information Services.

Related:

IKE, IKEv1, IKEv2

Internet Key Exchange. Do not spell out unless defining the term.

Related:

iLO

HPE Integrated Lights Out. A remote server management processor. Pronounced as letters or “eye-low.”

ILSpy

An open source .NET assembly browser and decompiler.

IM, IMs (n. or v.)

Instant message. Pronounced as letters or the whole phrase. Spell out in formal writing.

Imgur

An image-hosting website with a giraffe mascot. Pronounced as “imager.”

implicit (adj.)

Describes code that depends on methods built into the language.

Related:

improper (adj.)

Commonly describes vulnerabilities that involve a misconfiguration.

Ex: improper input validation, improper MIME type, improperly scoped cookies

in-band (adj.)

Ex: in-band reflection of file contents

Related:

incident response (IR) (n.)

Use lowercase when writing about the concept. Capitalize it if referring to the name of a specific document or team.

influencer (n.)

A social media celebrity. PR jargon; use sparingly.

infodump (n. or v.)

The process of debriefing or transferring knowledge. Informal; do not use in formal writing.

information security (n.)

This industry is also called infosec, cybersecurity, and internet security.

information superhighway (n.)

Outdated. Don’t use this to describe the internet.

infosec (n. or adj.)

Intelligence communities use this term to describe the information security industry. Informal.

init script (n.)

Boot script for Unix.

injection (n.)

A technique for inserting malicious content, typically with a goal of executing it. Compare to poisoning, which typically describes the insertion of content that is later retrieved by other systems or users.

inline (adj.)

Describes code that is included in the location where it will run, as opposed to code that exists in another location where it can be called. For example, when a snippet of JavaScript is included in an HTML file instead of a separate JavaScript file. The CSP rule is called unsafe-inline.

in-scope (adj.), in scope (adv.)

Ex: The team accessed an in-scope server. The service was included in scope for testing.

Related:

insecure vs. not secure or unsecured (adj.)

These are sometimes used interchangeably but may mean very different things. Define briefly to clarify your intended meaning. Do not use “unsecure” as an adjective.

Related:

insourcing (n.)

The opposite of outsourcing.

Related:

instance count (n.)

The number of unique locations in a codebase, system, or network that require modification to remediate a finding.

institutional knowledge (n.)

Use this term or in-house knowledge instead of “tribal knowledge.”

integrity (n.)

Data integrity is preserved when the data has not been tampered with — not altered, added to, or subtracted from.

interface (n. or v.)

As in “exposed administrative interface.”

Internet Archive

A nonprofit library and archive of historical web pages through the Wayback Machine. https://archive.org/

Related:

Internet Explorer (IE)

A web browser.

Interpol

The international police organization.

Related:

introspection (n.)

A feature that allows a system to monitor or query itself. Avoid using the verb to describe use of this technology.

Ex: type introspection, virtual machine introspection

Related:

invalidated (adj. or v.) vs. unvalidated (adj.)

Invalidated data has been checked and deemed invalid. Unvalidated data has not been checked at all.

Related:

IOA or IoA, IOAs, IoAs (n.)

Indicator of attack. Spell out on first use.

IOC or IoC, IOCs, IoCs (n.)

Indicator of compromise. Spell out on first use to avoid confusion with the International Olympic Committee.

IOS

Internetwork Operating System. Cisco networking software.

iOS

Apple mobile platform. Because of the lowercase “i,” avoid beginning sentences with this term if possible. Do not confuse with Cisco’s IOS.

IP (n.)

Short for Internet Protocol or intellectual property, depending on context. For clarity, spell out “intellectual property” on first use in technical writing.

IPC (n.)

Inter-process communication. Spell out on first use.

iPhone

Apple smartphone.

Ex: iPhone 14 Pro, iPhone SE

IPMI

Intelligent Platform Management Interface. A computer interface specification. Spell out on first use.

IPO, IPOs (n.)

Initial public offering.

Related:

IPP

Internet Printing Protocol.

IPS, IPSes (n.)

Intrusion prevention system. Spell out on first use.

Related:

IPsec

Internet Protocol Security. Spell out on first use.

IPT (n.)

Internal penetration testing. Spell out on first use.

iptables

Related:

Ipv4, Ipv6

The main versions of Internet Protocol used today. Do not spell out.

Ex: 127.0.0.1, ::1

IR (n.)

Incident response. Pronounced as letters or the whole phrase. Spell out on first use.

IRC

Internet Relay Chat. A messaging system.

IRL

“In real life.” Informal.

IR plan (n.)

Short for incident response plan. Spell out on first use.

ISAC

Information Sharing and Analysis Center. A sector-specific nonprofit threat detection organization. Pronounced as “I-sack.” Spell out on first use.

Ex: FS-ISAC, EE-ISAC

ISO/IEC 27001

A common information security framework that determines international standards for many types of technology and equipment. ISO is pronounced as “eye-so.”

ISP, ISPs (n.)

Internet service provider. Spell out on first use in public-facing documents.

IT (n.)

Information technology.

The IT Crowd

A British sitcom about a tech support department.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.