Glossary - S Flashcards
sabotage
Deliberate damage of an organization’s asset.
salvage
The process of recovering components or assets that still have value after a disaster.
sample
A portion of a population of records that is selected for auditing.
sample mean
The sum of all samples divided by the number of samples.
sample standard deviation
A computation of the variance of sample values from the sample mean. This is a measurement of the “spread” of values in the sample.
sampling
A technique that is used to select a portion of a population when it is not feasible to test an entire population.
sampling risk
The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient. See also confidence coefficient.
SAS 70 (Statement of Accounting Standards No. 70)
An external audit of a service provider. An SAS 70 audit is performed according to rules established by the American Institute of Certified Public Accountants (AICPA). Deprecated by SSAE16. See also SSAE16.
scanning attack
An attack on a computer or network with the intention of discovering potentially vulnerable computers or programs.
screened shielded twisted pair (S/STP)
A type of twisted-pair cable where a thick metal shield protects each pair of conductors, plus an outer shield that protects all of the conductors together. See also twisted-pair cable.
screened unshielded twisted pair (S/UTP)
A type of twisted-pair cable where the entire cable has a thick metal shield that protects the cables. See also twisted-pair cable.
screening router
A network device that filters network traffic based on source and destination IP addresses and ports. See also firewall.
script kiddie
An inexperienced computer hacker who uses tools developed by others to illegally access computers and networks.
Scrum
An iterative and incremental methodology used for rapid and agile software development.
secondary storage
A computer’s long-term storage of information, usually implemented with hard disk drives or static random access memory (SRAM).
secure copy (SCP)
A TCP/IP application layer protocol used as a file transfer protocol that is similar to remote copy (RCP), but is protected using secure shell (SSH). See also remote copy (RCP), secure shell (SSH).
secure electronic transaction (SET)
A protocol used to protect credit card transactions that uses a digital envelope. SET has been deprecated by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). See also digital envelope, Secure Sockets Layer (SSL), and Transport Layer Security (TLS).
Secure File Transfer Protocol (SFTP)
A TCP/IP application layer protocol that is an extension of the FTP protocol, where authentication and file transfer are encrypted using SSH. Sometimes referred to as SSH File Transfer Protocol. See also File Transfer Protocol (FTP), secure shell (SSH).
Secure Hypertext Transfer Protocol (SHTTP)
A protocol used to encrypt webpages between web servers and web browsers. Often confused with Hypertext Transfer Protocol Secure (HTTPS).
Secure Multipurpose Internet Mail Extensions (S/MIME)
An e-mail security protocol that provides sender and recipient authentication and encryption of message content and attachments.
secure shell (SSH)
A TCP/IP application layer protocol that provides a secure channel between two computers whereby all communications between them are encrypted. SSH can also be used as a tunnel to encapsulate and thereby protect other protocols.
Secure Sockets Layer (SSL)
An encryption protocol used to encrypt webpages requested with the HTTPS (Hypertext Transfer Protocol/Secure) URL. Deprecated by Transport Layer Security (TLS). See also Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS).
security awareness
A formal program used to educate employees, users, customers, or constituents on required, acceptable, and unacceptable security-related behaviors.
security governance
Management’s control over an organization’s security program.
security guards
Personnel who control passage at entry points or roam building premises looking for security issues such as unescorted visitors.
security incident
An event where the confidentiality, integrity, or availability of information (or an information system) has been compromised.
security incident response
The formal, planned response that is enacted when a security incident has occurred. See also security incident.
security policy
See information security policy.
security requirements
Formal statements that describe the required security characteristics that a system must support.
segregation of duties
The concept that ensures single individuals do not possess excess privileges that could result in unauthorized activities such as fraud or the manipulation or exposure of sensitive data.
separation of duties
See segregation of duties.
serial line interface protocol (SLIP)
A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232).
server
A centralized computer used to perform a specific task.
service continuity management
The IT function that consists of activities concerned with the organization’s ability to continue providing services, primarily in the event that a natural or man-made disaster has occurred. See also IT service management, business continuity planning, and disaster recovery planning.
service desk
The IT function that handles incidents and service requests on behalf of customers by acting as a single point of contact. See also IT service management.
service-level agreement (SLA)
An agreement that specifies service levels in terms of the quantity of work, quality, timeliness, and remedies for shortfalls in quality or quantity.
service-level management
The IT function that confirms whether IT is providing adequate service to its customers. This is accomplished through continuous monitoring and periodic review of IT service delivery. See also IT service management.
service provider audit
An audit of a third-party organization that provides services to other organizations.
service set identifier (SSID)
A friendly name that identifies a particular 802.11 wireless network.