S/Key: A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one.
Safety: The need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
Scavenging: Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
Secret Key: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Secure Electronic Transactions (SET): A protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.
Secure File Transfer Protocol (SFTP): A secure way to encrypt data in transit.
Securely Provision: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
Secure Shell (SSH): A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure Sockets Layer (SSL): Internet security standard for encrypting the link between a website and a browser to enable the transmission of sensitive information (predecessor to TLS).
Security Automation: The use of information technology in place of manual processes for cyber incident response and management.
Security Program Management: In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
Security Policy: A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Segment: Another name for TCP packets.
Self-Assessment Questionnaire (SAQ): A collection of questions used to document an entity’s PCI DSS assessment results, based on their processing environment.
Sensitive Information: As defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
Separation of Duties: The principle of splitting privileges among multiple individuals or systems.
Server: A system entity that provides a service in response to requests from other system entities called clients.
Session: A virtual connection between two hosts by which network traffic is passed.
Session Hijacking: Take over a session that someone else has established.
Session Key: In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
SHA1: A one way cryptographic hash function. Also see "MD5"
Shadow IT: The use of web apps, cloud-services, software, and other IT resources without the knowledge of an organization’s IT or security teams. There may be hundreds or thousands of these resources and services used throughout an enterprise that have been provisioned by lines of business, individuals, or third parties without being vetted or deployed by IT or security teams. The prevalence of this self-service IT introduces new security gaps that could put the organization as well as customer data and systems at-risk.
Shadow Password Files: A system file in which encryption user password are stored so that they aren't available to people who try to break into the system.
Shadow Risk: The risk associated with the unknown assets within an organization’s attack surface. Shadow risk includes the assets and attack vectors that are part of the organization’s IT ecosystem but may be unseen or unmanaged by the organization because the assets are in cloud, partner, subsidiary and abandoned environments. It is a risk that most organizations are blind to, but sophisticated attackers can easily exploit.
Share: A resource made public on a machine, such as a directory (file share) or printer (printer share).
Shell: A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its "C:>" prompts and user commands such as "dir" and "edit").
Shift Left: In cybersecurity, the phrase “shift left” refers to the process of focusing security practices as early as possible in a given activity or process. “Left” is a reference to the idea that a timeline runs from left to right, with “earlier” to the left, so “shift left” means to start earlier. This is analogous to the principle that “an ounce of prevention is worth a pound of cure,” meaning it’s better to catch problems earlier when they are easier or cheaper to fix, and their impact is lower. For example, for software security testing, it means beginning the process when the code is first being written, or performance tests are being run, rather than waiting until it is deployed into production.
Signals Analysis: Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Signature: A distinct pattern in network traffic that can be identified to a specific tool or exploit.
Simple Integrity Property: In Simple Integrity Property a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol (SNMP): The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.
Simple Security Protocol: In Simple Security Property a user cannot read data of a higher classification than their own.
Situational Awareness: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
Smartcard: An electronic badge that includes a magnetic strip or chip that can record and replay a set key.
Smurf: The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer: A sniffer is a tool that monitors network traffic as it received in a network interface.
Sniffing: A synonym for "passive wiretapping."
Social Engineering: A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Socket: The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.
Socket Pair: A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
SOCKS: A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.
Software: Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.
Software Assurance: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
Software Assurance and Security Engineering: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
Source Port: The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.
Spam: Electronic junk mail or junk newsgroup postings.
Spanning Port: Configures the switch to behave like a hub for a specific port.
Spillage: Synonym(s): data spill, data breach
Split Horizon: An algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.
Split Key: A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.
Spoofing: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
Spyware: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
SQL Injection: A type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.
Stack Mashing: The technique of using a buffer overflow to trick a computer into executing arbitrary code.
Standard ACLs (Cisco): Standard ACLs on Cisco routers make packet filtering decisions based on Source IP address only.
Star Property: In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.
State Machine: A system that moves through a series of progressive conditions.
Stateful Inspection: Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination.
Static Host Tables: Text files that contain hostname and address mapping.
Static Routing: Static routing means that routing table entries contain information that does not change.
Stealthing: A term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis: The process of detecting and defeating the use of steganography.
Steganography: Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is "invisible" ink.
Stimulus: Is network traffic that initiates a connection or solicits a response.
Store-and-Forward: A method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.
Straight-Through Cable: Where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.
Strategic Planning and Policy Development: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
Stream Cipher: A stream cipher works by encryption a message a single bit, byte, or computer word at a time.
Strong Star Property: A user cannot write data to higher or lower classifications levels than their own.
Subject: An individual, process, or device causing information to flow among objects or a change to the system state.
Sub Network: A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet Mask: A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.
Supervisory Control and Data Acquisition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
Supply Chain Risk Management: Supply chain risk can be thought of as a specific type of third-party risk, where the risk stems from the fact that vendors and partners in an organization’s supply chain increase its attack surface yet the organization may not have sufficient visibility or awareness of the suppliers’ security posture.
The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Switch: A networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.
Switched Network: A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.
Symbolic Links: Special files which point at another file.
Symmetric Cryptography: A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the entities that share the key.
Symmetric Key: A cryptographic key that is used in a symmetric cryptographic algorithm.
SYN Flood: A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Synchronization: Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.
Syslog: The system logging facility for Unix systems.
System Administration: cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
System Integrity: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Systems Development: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
System Requirements Planning: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
Systems Security Analysis: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
Systems Security Architecture: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
System Security Officer (SSO): A person responsible for enforcement or administration of the security policy that applies to the system.
System-Specific Policy: A policy written for a specific system or device.