CISSP – Glossary Term S

CISSP LogoThis is my personal glossary about my preparation for obtain CISSP Certification and understand all Security keywords.  Here all keywords  beginning by letter S.




Safeguard: A control or countermeasure implemented to reduce the risk or damage associated with a specific threat.

sag: A short drop in voltage

Scan: A technique used to identify vulnerabilities in a system, usually by transmitting data to it and observing.

Scareware: A Type of Social engineering  attack wherein a Trojan horse program or a browser popup is intended to trick the user into thinking that there is a security problem in their computer. The intended victim is asked or tricked to click a button or link to fix a security problem; in reality the consenting user is enabling malware to run on a the computer.

Screening router: A firewall architecture that consists of a router that controls packets flow through the use of ACLs.

Script injection: An attack in which the attacker inject script code, in hopes that the code will be executed on a target system.

Secondary evidence: A duplicate or copy of evidence, such as a tape backup, screen capture, or photograph.

Secure and signed message format: A message encrypted in an asymmetric key system by using the recipient’s public key and the sender’s private key. This encryption method protects the message’s confidentiality and guarantees the messages’s authenticity.

Secure Electronic Transaction (SET): Developed by MasterCard and Visa to provide secure e-commerce transactions by implementing authentification mechanisms while protecting the confidentiality and integrity of cardholder data.

Secure European System and Application in a Multi-vendor Environment (SESAME): A ticket-based authentication protocol similar to Kerberos, with additional security enhancements.

Secure HyperTexte Transfer Protocol (S-HTTP): An Internet protocol that provides a method for secure communications with a web server.

Secure Message Format: A message encrypted in an asymmetric key system by using the recipient’s public key. Only the recipient’s private key can decrypt the message. This encryption method protects the message confidentiality.

Secure Multipurpose Internet Mail Extensions (S/MIME): Provide confidentiality and authentification for E-mail by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates.

Secure Shell (SSH): A secure character protocol that’s secure alternative to Telnet and rsh.

Secure Sockets Layer/Transport Layer Security (SSL/TLS): A transport layer protocol that provides session-based encryption and authentification for secure communication between clients and servers on the Internet.

Security awareness: The process of providing basic security information to users in an organization to help them make prudent decision regarding the protection of the organization’s assets.

Security Kernel: The combination of hardware, software, and firmware element on the TCB that implement the reference monitor concept. Trusted Computer Base.

Security perimeter: The boundary that separates the TCB from the rest of the system.

Segregation of duties: A concept that ensure no single individual has complete authority and control of a critical system or process.

Sensitive but Unclassified (SBU): A U.S. government data classification level for information that’s not classified but requires protection, such as private or personal informations.

Sensitivity Label: In a MAC-based system, a subject’s sensitivity label specifies that’s subject’s level of trust, whereas an object’s sensitivity label specifies the level of trust required for access to that object.

Separation of duties and responsibilities: A concept that ensure no single individual has complete authority and control of a critical system or process.

Serial Line Internet Protocol (SLIP): An early Point-to-Point protocol (PPP) used to transport Internet Protocol (IP) over dial-up. PPP is more commonly used this this purpose.

Service Level Agreement (SLA): Formal minimum performance standards for systems, applications, networks, or services.

Session hijacking: Similar to Man in the middle Attack, except that the attacker impersonates the intended recipient instead of modifying messages in transit.

Shoulder surfing: A social engineering technique that involves looking over someone’s shoulder to obtain information such as passwords or account numbers.

Simple Key Management for Internet Protocol (SKIP): A protocol used to share encryption Key.

Single Sign-on (SSO): A system that allows a user to present a single set of log-on credentials, typically to an authentication server, which then transparently logs the users on to all other enterprise systems and applications for which that user is authorized.

Smartphone: Computer mobile device with phone capacity.

Smurf: A denial of service attack in which the attacker sends forged Internet Control message (ICMP) echo request packet into a network with the intention of having a larger numbers of nodes on the network sending ICMP echo replies tot the target system. (See Also Denis of Service “DoS”)

Sniffing: The practice to intercept communications for usually covert purposes.

Social Engineering: A low-tech attach method that employs techniques such as dumpster diving and shoulder surfing.

Software: Computer instructions that enable the computer to accomplish tasks.

Software Life development life cycle (SDLC): The business level process used to develop and maintain software.

SONET: Synchronous Optical Networking (SONET).

Spam (or Unsolicited Commercial Email [UCE]): Junk E-mail, which currently constitutes about 85 percent of all worldwide e-mail.

Spear phishing: A phishing attack that’s highly targeted; for example, at a particular organization on part fo an organization.

Spike: A momentaryy rush of electric power.

SPIM: Spam over instant Messaging

SPIT: Span over Internet Telephony

Spoofing: A technique used to forge TCP/IP packet information or e-mail header information. In network attacks, IP spoofing is used to gain access to system by impersonating the IP address of a trusted host. In e-mail spoofing the sender address is forged to trick an e-mail user into opening or responding to an e-mail (which usually contains a virus or spam).

Spyware: A form of malware that’s installed a user’s computer, usually without his or her knowledge, often for the purpose of collecting information about a user’s Internet usage or for taking control of his or her computer. Spyware increasingly includes keystroke loggers and Trojan horses.

SQL Injection: A type of attack where the attacker injects SQL Commands into a computer input field, in hopes that the SQL command will be passed to the database management system.

Standards: Specific, Mandatory requirements that further define and support high-level policies.

Star: A network topology in which all devices are directly connected to a central hub or concentrator.

State attack: An attack where the attacker is attempting to steal other user’s session identified, in order to access a system using a stolen session.

Stateful inspection firewall: A type of firewall that captures and analyzes data packets at all levels of the Open Systems Interconnection (OSI) model to determine the state and context of the data packet and whether it’s to be permitted access to the network.

Static Password: A password that’s same for each logon.

Statutory damages: Mandatory damages determined by law and assessed for violating the law.

Steganography: The art of hiding the very existence of a message; For exemple, in a picture.

Stored procedure: A subroutine that is accessible by software programs, and which is stored in a relational database management.

stream cipher: An encryption algorithm that operates on a continuous stream of data, typically bit-by-bit.

Strong authentication: A means of authentication that requires two or more independent means of identification. See two-factor authentication.

Structured Query Language (SQL): A computer Language used to  manipulate data in a database management system.

Subject: An active entity, such as an individual or a process.

Substitution cipher: Ciphers that replace bits, characters, or character blocks in plaintext with alternate bits, characters, or character blocks to produce ciphertext.

Supervisor Mode: A level of elevated  privilege, usually intended for only system administration use. See also User mode.

Surge: A prolonged rush of electric power.

Switch: An intelligent hub that transmits data to only individual devices on a network, rather than all devices (in the way that hubs do).

Switched Multimegabit Data Service (SMDS): A high-speed, packet-switched, connectionless-oriented, datagram-based technology available over public switched networks.

Symmetric key system (or symmetric algorithm, secret key, single key, private key): A cryptographic system that uses a single key to both encrypt and decrypt information.

SYN Flood: An attack in which the attacker sends large volumes of Transmission Control Protocol (TCP)SYN(synchronize) packets to a target system. A Syn flood is a type of Denial of Service Attack.

Synchronous Optical Networking (SONET): A telecommunication carrier-class protocol used to communicate digital information over optical fiber.

System Access Control: A control that prevents a subject from accessing a system unless the subject can present valid credentials.

System High Mode: A state in which  a system operates at the highest level of information classification.