Security Glossary - I

This glossary has been created to assist security professionals in defining security terms commonly used by the profession and the industry, worldwide. It is a developing list that will be maintained, and where appropriate, modified, and changed over time. Terms borrowed from related fields, such as engineering, investigations, safety, etc. will be included when deemed necessary for the security professional.


The definition's source is cited in brackets [ ] following the definition. View the key to all cited reference sources.

It is NOT our goal to publish this glossary in print since it is intended to be a current online reference (on the ASIS website) to serve the security professional on an ongoing basis.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
identifying information

​Also referred to as Personally Identifiable Information (PII). Any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including:

  1. Name, Social Security Number, date of birth, official State or government issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number;
  2. Unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
  3. Unique electronic identification number, address, or routing code; or
  4. Telecommunication identifying information or access device (as defined in 18 U.S.C. 1029(e)).
    [ASIS GDL PBS-2009]

(1) ​Evaluated consequence of a particular outcome.
[ASIS SPC.1-2009]  [ANSI/ASIS PAP.1-2012]

(2) The positive or negative effect on someone or something (see consequence).

impact analysis

​(1) Process of analyzing all operational functions and the effect that an operational interruption might have upon them. Note:  Impact analysis includes Business Impact Analysis – the identification of critical business assets, functions, processes, and resources as well as an evaluation of the potential damage or loss that may be caused to the organization resulting from a disruption (or a change in the business or operating environment). Impact analysis identifies: 1) how the loss or damage will manifest itself; 2) how that degree for potential escalation of damage or loss with time following an Incident; 3) the minimum services and resources (human, physical, and financial) needed to enable business processes to continue to operate at a minimum acceptable level; and 4) the timeframe and extent within which activities, functions, and services of the organization should be recovered.    
[ASIS SPC.1-2009]

(2) Process that identifies and evaluates the potential effects of change upon an organization. This may include an assessment of the pros and cons of pursuing a course of action in light of its possible consequences, or the extent and nature of further change (intended or unintended) that such change may cause.


​Evidence which cannot be formerly considered in a legal proceeding.


​The act or process of confining someone; imprisonment.


(1) An event with consequences that has the capacity to cause loss of life, harm to tangible or intangible assets, or negatively impact human rights and fundamental freedoms of internal or external stakeholders.
​[ANSI/ASIS PSC.1-2012]

(2) Event that has the capacity to lead to human, intangible or physical loss, or a disruption of an organization’s operations, services, or functions – which, if not managed, can escalate into an emergency, crisis, or disaster.
[ASIS SPC.1-2009]  [ANSI/ASIS PAP.1-2012]

(3) An event with consequences that has the capacity to cause gains or losses/harm to objectives and/or assets (e.g., tangible, intangible and human assets, the environment, and rights of stakeholders).

incident management

​(1) Also termed case management. The process and practice of responding to reports, made to or coming to the attention of management, regarding problematic behavior that has generated concerns under the organization’s workplace violence prevention policy.

(2) Incident management refers to the processes, strategies, and methods followed by a threat management team to (a) receive reports of behaviors requiring assessment, (b) assess the cases, (c) develop and implement an intervention strategy, and (d) monitor the case until final resolution is achieved.
[ASIS GDL WPV 09 2005]


​Any person currently functioning in the Chief Security Officer (CSO) role, being considered for the CSO role via an external recruitment effort, or any existing management team member who will be assigned the accountabilities recommended for the CSO role within the ASIS CSO Standard (2008).
[ASIS CSO.1-2008]

information security risk management program

​The overall strategic and tactical roadmap used to assess threats, their impacts to critical information and resources, prioritization of those impacts, recommended countermeasures to mitigate those impacts, and continual management of the security process.
[ASIS GDL TASR 04 2008]

intangible assets

​Includes such things as reputation, customer confidence, client confidence, trade secrets, intellectual property, and goodwill.
[ASIS CSO.1-2008] [ANSI/ASIS CSO.1-2013]


(1) ​The property of safeguarding the accuracy and completeness of assets.
[ASIS SPC.1-2009]  [ANSI/ASIS PAP.1-2012]  [ANSI/ASIS PSC.1-2012]

(2) Assuring the soundness, reliability, and completeness of tangible and intangible assets.

integrity seals

​A seal that provides clear evidence that it has been tampered with or illegitimately opened and whose forcible removal would result in the visible destruction of its essential parts.
[ASIS GDL TASR 04 2008]

intellectual property rights (IPR)

​A category of intangible rights protecting commercially valuable products of the human intellect. The category comprises primarily trademark, copyright, and patent rights, but also includes trade secret rights, publicity rights, moral rights, and rights against unfair competition. (Note: Some areas of the world differ significantly in their recognition and enforcement of patents, trademarks, copyrights, and other IPR. It is important to understand the IPR climate and the ability of the legal safeguards that are applicable in each jurisdiction where there is a necessity to support your business requirements.)
[ASIS GDL IAP 05 2007]


​A state of mind which if proven, demonstrates the intention to commit a criminal act.
[ANSI/ASIS INV.1-2015]

internal audit

​Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the management system audit criteria set by the organization are fulfilled. Note: In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
[ASIS SPC.1-2009]  [ANSI/ASIS PAP.1-2012]

internal context

​Internal environment in which the organization seeks to achieve its objectives.
Note: Internal context can include:
  — Governance, organizational structure, roles, and accountabilities;
  — Policies, objectives, and the strategies that are in place to achieve them;
  — The capabilities understood in terms of resources and knowledge (e.g., capital, time, people, processes, systems, and technologies);
  — Perceptions and values of internal stakeholders;
  — Information systems, information flows, and decision-making processes (both formal and informal);
  — Relationships with, and perceptions and values of, internal stakeholders;
  — The organization's culture;
  — Standards, guidelines, and models adopted by the organization; and
  — Form and extent of contractual relationships.
[ANSI/ASIS PAP.1-2012]

International Traffic In Arms Regulations (ITAR)

​A set of United States government regulations that control the export and import of defense-related articles and services on the United States Munitions List (USML). These regulations implement the provisions of the Arms Export Control Act (AECA), and are described in Title 22 (Foreign Relations), Chapter I (Department of State), Subchapter M of the Code of Federal Regulations.


​A conversational exchange for the purpose of collecting information to reveal facts and the truth about the events under question.
[ANSI/ASIS INV.1-2015]


​One who conducts interviews.
[ANSI/ASIS INV.1-2015]

intimate partner violence

​Synonymous with domestic violence, domestic abuse, spousal abuse, and family violence.  Can be broadly defined as a pattern of abusive behaviors in an intimate relationship (whether heterosexual or homosexual), including marriage, cohabitation, dating, family, or friendship.  Intimate partner violence can consist of physical aggression, threats, stalking, sexual abuse, psychological abuse, neglect, economic deprivation, and any form of threatening, injurious, and violent acts.

intrusion detection system

​A system that uses a sensor(s) to detect an impending or actual security breach and to initiate an alarm or notification of the event.
[ASIS GDL FPSM-2009]  [ANSI/ASIS PAP.1-2012]


​A fact-finding process of logically, methodically, and lawfully gathering and documenting information for the specific purpose of objectively developing a reasonable conclusion based on the facts learned through this process.
[ANSI/ASIS INV.1-2015]

investigation findings

​A result or conclusion reached after examination or investigation.
Note: The term as used in this Standard should not be confused with the word findings when used as a term of art by the legal profession. Generally when used as such, the word describes the result of the deliberations of a jury or court following a judicial proceeding or investigation.
[ANSI/ASIS INV.1-2015]

investigation process

​A structured and sometimes scientific approach to investigation. Sufficiently structured to provide uniformity and consistency yet, fluid and flexible enough to accommodate any situation or fact pattern.
[ANSI/ASIS INV.1-2015]

investigation team leader (ITL)

​The person designated as leading the investigation team. The ITL is typically the point of contact through whom those outside the investigative team communicate with it.
[ANSI/ASIS INV.1-2015]

investigation unit manager (IUM)

​The person responsible for managing the investigation program and assuring the necessary financial, human, physical, and time resources are committed to conduct an effective investigation.
[ANSI/ASIS INV.1-2015]

investigative consumer report

​FCRA § 603(e)(15 U.S.C. § 1681a) provides that the term "investigative consumer report" means a consumer report or portion thereof in which information on a consumer's character, general reputation, personal characteristics, or mode of living is obtained through personal interviews with neighbors, friends, or associates of the consumer reported on or with others with whom he is acquainted or who may have knowledge concerning any such items of information. However, such information shall not include specific factual information on a consumer's credit record obtained directly from a creditor of the consumer or from a consumer reporting agency when such information was obtained directly from a creditor of the consumer or from the consumer. In other words, another official name for a special type of preemployment background screen which normally involves communicating with others that know the applicant and reporting back the details of those inquiries. If information is obtained that is adverse to the interest of the consumer, then Section 606 of the FCRA sets forth additional requirements.

investigative record

​The official record of all data obtained on the Subject from Trusted Information Providers, suitability and/or security applications and questionnaires, and any investigative activity conducted under these [Federal Investigative] Standards. (Joint Security Clearance Reform Team, ONCIX, 2013) 

Investigative Service Provider (ISP)

​An organization that conducts investigations under original or delegated authority.  The ISP may conduct investigations on behalf of private industry or the government.

investigative unit (IU)

​The entity within the organization tasked with conducting or overseeing investigations.
[ANSI/ASIS INV.1-2015]

1 - 30Next