Glossary - S Flashcards

1
Q

sabotage

A

Deliberate damage of an organization’s asset.

2
Q

salvage

A

The process of recovering components or assets that still have value after a disaster.

3
Q

sample

A

A portion of a population of records that is selected for auditing.

4
Q

sample mean

A

The sum of all samples divided by the number of samples.

5
Q

sample standard deviation

A

A computation of the variance of sample values from the sample mean. This is a measurement of the “spread” of values in the sample.

6
Q

sampling

A

A technique that is used to select a portion of a population when it is not feasible to test an entire population.

7
Q

sampling risk

A

The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient. See also confidence coefficient.

8
Q

SAS 70 (Statement of Accounting Standards No. 70)

A

An external audit of a service provider. An SAS 70 audit is performed according to rules established by the American Institute of Certified Public Accountants (AICPA). Deprecated by SSAE16. See also SSAE16.

9
Q

scanning attack

A

An attack on a computer or network with the intention of discovering potentially vulnerable computers or programs.

10
Q

screened shielded twisted pair (S/STP)

A

A type of twisted-pair cable where a thick metal shield protects each pair of conductors, plus an outer shield that protects all of the conductors together. See also twisted-pair cable.

11
Q

screened unshielded twisted pair (S/UTP)

A

A type of twisted-pair cable where the entire cable has a thick metal shield that protects the cables. See also twisted-pair cable.

12
Q

screening router

A

A network device that filters network traffic based on source and destination IP addresses and ports. See also firewall.

13
Q

script kiddie

A

An inexperienced computer hacker who uses tools developed by others to illegally access computers and networks.

14
Q

Scrum

A

An iterative and incremental methodology used for rapid and agile software development.

15
Q

secondary storage

A

A computer’s long-term storage of information, usually implemented with hard disk drives or static random access memory (SRAM).

16
Q

secure copy (SCP)

A

A TCP/IP application layer protocol used as a file transfer protocol that is similar to remote copy (RCP), but is protected using secure shell (SSH). See remote copy (RCP), secure shell (SSH).

17
Q

secure electronic transaction (SET)

A

A protocol used to protect credit card transactions that uses a digital envelope. SET has been deprecated by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). See also digital envelope, Secure Sockets Layer (SSL), and Transport Layer Security (TLS).

18
Q

Secure File Transfer Protocol (SFTP)

A

A TCP/IP application layer protocol that is an extension of the FTP protocol, where authentication and file transfer are encrypted using SSH. Sometimes referred to as SSH File Transfer Protocol. See also File Transfer Protocol (FTP), secure shell (SSH).

19
Q

Secure Hypertext Transfer Protocol (SHTTP)

A

A protocol used to encrypt webpages between web servers and web browsers. Often confused with Hypertext Transfer Protocol Secure (HTTPS).

20
Q

Secure Multipurpose Internet Mail Extensions (S/MIME)

A

An e-mail security protocol that provides sender and recipient authentication and encryption of message content and attachments.

21
Q

secure shell (SSH)

A

A TCP/IP application layer protocol that provides a secure channel between two computers whereby all communications between them are encrypted. SSH can also be used as a tunnel to encapsulate and thereby protect other protocols.

22
Q

Secure Sockets Layer (SSL)

A

An encryption protocol used to encrypt webpages requested with the HTTPS (Hypertext Transfer Protocol/Secure) URL. Deprecated by Transport Layer Security (TLS). See also Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS).

23
Q

security awareness

A

A formal program used to educate employees, users, customers, or constituents on required, acceptable, and unacceptable security-related behaviors.

24
Q

security governance

A

Management’s control over an organization’s security program.

25
Q

security guards

A

Personnel who control passage at entry points or roam building premises looking for security issues such as unescorted visitors.

26
Q

security incident

A

An event where the confidentiality, integrity, or availability of information (or an information system) has been compromised.

27
Q

security incident response

A

The formal, planned response that is enacted when a security incident has occurred. See also security incident.

28
Q

security policy

A

See information security policy.

29
Q

security requirements

A

Formal statements that describe the required security characteristics that a system must support.

30
Q

segregation of duties

A

The concept that ensures single individuals do not possess excess privileges that could result in unauthorized activities such as fraud or the manipulation or exposure of sensitive data.

31
Q

separation of duties

A

See segregation of duties.

32
Q

serial line interface protocol (SLIP)

A

A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232).

33
Q

server

A

A centralized computer used to perform a specific task.

34
Q

service continuity management

A

The IT function that consists of activities concerned with the organization’s ability to continue providing services, primarily in the event that a natural or man-made disaster has occurred. See also IT service management, business continuity planning, and disaster recovery planning.

35
Q

service desk

A

The IT function that handles incidents and service requests on behalf of customers by acting as a single point of contact. See also IT service management.

36
Q

service-level agreement (SLA)

A

An agreement that specifies service levels in terms of the quantity of work, quality, timeliness, and remedies for shortfalls in quality or quantity.

37
Q

service-level management

A

The IT function that confirms whether IT is providing adequate service to its customers. This is accomplished through continuous monitoring and periodic review of IT service delivery. See also IT service management.

38
Q

service provider audit

A

An audit of a third-party organization that provides services to other organizations.

39
Q

service set identifier (SSID)

A

A friendly name that identifies a particular 802.11 wireless network.

40
Q

session

A

Layer 5 of the OSI network model. See also OSI network model.

41
Q

session border controller

A

A device deployed in a VoIP network to control VoIP security, connectivity, quality of service, and metering.

42
Q

session hijacking

A

An attack on a user’s browser session where the attacker intercepts the user’s session cookie from an unencrypted wired or wireless network and then uses the cookie to take over the victim’s browser session.

43
Q

session initiation protocol (SIP)

A

The network protocol used to set up and tear down Voice over IP (VoIP) and other communications connections. See also Voice over IP (VoIP).

44
Q

shielded twisted pair (STP)

A

A type of twisted-pair cable where a thin metal shield protects each pair of conductors. See also twisted-pair cable.

45
Q

Simple Mail Transfer Protocol (SMTP)

A

A TCP/IP application layer protocol that is used to transport e-mail messages.

46
Q

Simple Network Management Protocol (SNMP)

A

A TCP/IP application layer protocol used by network devices and systems to transmit management messages indicating a need for administrative attention.

47
Q

Simple Object Access Protocol (SOAP)

A

A protocol that is used to facilitate the exchange of structured information between systems.

48
Q

simulation

A

A test of disaster recovery, business continuity, or security incident response procedures where the participants take part in a “mock disaster” or incident to add some realism to the process of thinking their way through emergency response documents.

49
Q

single loss expectancy (SLE)

A

The financial loss when a threat is realized one time. SLE is defined as AV × EF. See also asset value (AV), exposure factor (EF).

50
Q

single sign-on

A

An interconnected environment where applications are logically connected to a centralized authentication server that is aware of the logged-in/-out status of each user. A user can log in once to the environment; each application and system is aware of a user’s log-in status and will not require the user to log in to each one separately.

51
Q

site classification policy

A

Policy that defines sensitivity levels, security controls, and security procedures for information processing sites and work centers.

52
Q

smart card

A

A small, credit-card–sized device that contains electronic memory and is accessed with a smart card reader and used in two-factor authentication.

53
Q

smart phone

A

A mobile phone equipped with an operating system and software applications.

54
Q

snapshot

A

A continuous auditing technique that involves the use of special audit modules embedded in online applications that sample specific transactions. The module copies key database records that can be examined later on.

55
Q

sniffer

A

A program that can be installed on a network-attached system to capture network traffic being transmitted to or from the system.

56
Q

social engineering

A

The act of using deception to trick an individual into revealing secrets.

57
Q

Software as a Service (SaaS)

A

A software delivery model where an organization obtains a software application for use by its employees and the software application is hosted by the software provider, as opposed to the customer organization.

58
Q

software development life cycle (SDLC)

A

The life cycle process used to develop or acquire and maintain information systems. Also known as systems development life cycle.

59
Q

Software Engineering Institute Capability Maturity Model Integration (SEI CMMI)

A

A maturity model that is used to measure the maturity of an organization’s software development life cycle process.

60
Q

software licensing

A

The process of maintaining accurate records regarding the permitted use of software programs.

61
Q

software maintenance

A

An activity in the software development life cycle where modifications are made to the software code.

62
Q

Software Process Improvement and Capability dEtermination (SPICE)

A

A maturity model that is based on the SEI CMM maturity model. SPICE has been made an international standard: ISO 15504.

63
Q

software program library

A

The repository that contains program source code and that usually includes tools to manage the maintenance of source code.

64
Q

source code management

A

The techniques and tools used to manage application source code.

65
Q

source lines of code (SLOC)

A

A sizing technique for software development projects that represents the size of the planned program, expressed as lines of code.

66
Q

sourcing

A

The choices that organizations make when selecting the personnel that will perform functions and where those functions will be performed.

67
Q

spam

A

Unsolicited and unwanted e-mail.

68
Q

spam filter

A

A central program or device that examines incoming e-mail and removes all messages identified as spam.

69
Q

spike

A

A sharp increase in voltage that lasts for only a fraction of a second.

70
Q

spiral model

A

A software development life cycle process where the activities of requirements definition and software design go through several cycles until the project is complete. See also software development life cycle (SDLC).

71
Q

split custody

A

The concept of splitting knowledge of a specific object or task between two persons.

72
Q

spoofing

A

The act of changing the configuration of a device or system in an attempt to masquerade as a different, known, and trusted system or user.

73
Q

spyware

A

A type of malware where software performs one or more surveillance-type actions on a computer, reporting back to the spyware owner.

74
Q

SSAE16 (Statements on Standards for Attestation Engagements No. 16)

A

An external audit of a service provider. An SSAE16 audit is performed according to rules established by the American Institute of Certified Public Accountants (AICPA).

75
Q

standard

A

A statement that defines the technologies, protocols, suppliers, and methods used by an IT organization.

76
Q

standard IT balanced scorecard

A

A management tool that is used to measure the performance and effectiveness of an IT organization.

77
Q

star topology

A

A network topology where a separate connection is made from a central device to each station.

78
Q

stateful inspection firewall

A

A network device that filters network traffic based on source and destination IP addresses and ports, and keeps track of individual TCP/IP sessions to make filtering decisions, permitting established connections. See also firewall.

79
Q

statement of impact

A

A description of the impact a disaster scenario will have on a business or business process.

80
Q

static random access memory (SRAM)

A

A form of semiconductor memory that does not require refreshing.

81
Q

statistical sampling

A

A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen. See also sampling.

82
Q

stop-or-go sampling

A

A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is low risk or a low rate of exceptions in the population. See also sampling.

83
Q

storage area network (SAN)

A

A stand-alone storage system that can be configured to contain several virtual volumes and connected to many servers through fiber optic cables.

84
Q

strategic planning

A

Activities used to develop and refine long-term plans and objectives.

85
Q

stratified sampling

A

A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class. See also sampling.

86
Q

stream cipher

A

This is a type of encryption algorithm that operates on a continuous stream of data, such as a video or audio feed.

87
Q

strong authentication

A

See two-factor authentication.

88
Q

subject

A

A person or a system. See also object.

89
Q

subnet mask

A

A numeric value that determines which portion of an IP address is used to identify the network and which portion is used to identify a station on the network. See also IP address.

90
Q

substantive testing

A

A type of testing that is used to determine the accuracy and integrity of transactions that flow through processes and systems.

91
Q

supercomputer

A

The largest type of computer that is capable of performing large, complex calculations such as weather forecasting and earthquake simulations.

92
Q

surge

A

See spike.

93
Q

switch

A

A device that is used to connect computers and other devices to a network. Unlike a hub, which sends all network packets to all stations on the network, a switch sends packets only to intended destination stations on the network.

94
Q

symmetric encryption

A

A method for encryption and decryption where it is necessary for both parties to possess a common encryption key.

95
Q

synchronous optical networking (SONET)

A

A class of common carrier telecommunications network technologies used to transport voice and data over fiber optic networks at very high speeds.

96
Q

synchronous replication

A

A type of replication where writing data to a local and to a remote storage system is performed as a single operation, guaranteeing that data on the remote storage system is identical to data on the local storage system. See also replication.

97
Q

system classification policy

A

Policy that specifies levels of security for systems storing classified information.

98
Q

system hardening

A

See hardening.

99
Q

system testing

A

The portion of software testing where an entire system is tested.