S

Question 1

Secure Shell (SSH)

Answer 1

Network protocol that uses cryptography to secure communication, remote command line login and remote command execution between two networked computers

Question 2

Security as a Service (SecaaS)

Answer 2

The next generation of managed security services dedicated to the delivery, over the Internet, of specialized
information-security services.

Question 3

Security information and event management (SIEM)

Answer 3

SIEM solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides realtime analysis of security alerts generated by network hardware and
applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.

Question 4

Security metrics

Answer 4

A standard of measurement used in management of security-related activities.

Question 5

Segregation/separation of duties (SoD)

Answer 5

A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets.

Question 6

Sensitivity

Answer 6

A measure of the impact that improper disclosure of information may have on an enterprise

Question 7

Service delivery objective (SDO

Answer 7

Directly related to the business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.

Question 8

Service level agreement (SLA)

Answer 8

An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured

Question 9

Shell programming

Answer 9

A script written for the shell, or command line interpreter, of an operating system; it is often considered a simple domain-specific programming language.

Question 10

Sniffing

Answer 10

The process by which data traversing a network are captured or monitored

Question 11

Social engineering

Answer 11

An attack based on deceiving users or administrators at the target site into revealing confidential or sensitive information

Question 12

Software as a service (SaaS)

Answer 12

Offers the capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface, such as a web browser (e.g., web-based email).

Question 13

Split knowledge/split key

Answer 13

A security technique in which two or more entities separately hold data items that individually convey no knowledge of the information that results from combining the items; a condition under which two or more
entities separately have key components that individually convey no knowledge of the plain text key that will be produced when the key components are combined in the cryptographic module.

Question 14

Spoofing

Answer 14

Faking the sending address of a transmission in order to gain illegal entry into a secure system

Question 15

Standard

Answer 15

A mandatory requirement, code of practice or specification approved by a recognized external standards organization, such as International Organization for Standardization (ISO).

Question 16

Symmetric key encryption

Answer 16

System in which a different key (or set of keys) is used by each pair of trading partners to ensure that no one else can read their messages. The same key is used for encryption and decryption. See also Private Key Cryptosystem.

Question 17

System owner

Answer 17

Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system