Читаем CISSP Practice полностью

(1) Sequentially going through combinations of numbers and letters to look for access to telephone numbers and secret passwords. (2) Sending packets or requests to another system to gain information to be used in a subsequent attack.

Scavenging

Searching through object residue (file storage space) to acquire unauthorized data.

Scenario analysis

An information system's vulnerability assessment technique in which various possible attack methods are identified and the existing controls are examined in light of their ability to counter such attack methods.

Schema

A set of specifications that defines a database. Specifically, it includes entity names, sets, groups, data items, areas, sort sequences, access keys, and security locks.

Scoping guidance

Specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline.

Screen scraper

A computer program that extracts data from websites. The program captures information from a computer display not intended for processing, captures the bitmap data from a computer screen, or queries the graphical controls used in an application to obtain references to the underlying programming objects. Screen scrapers can extract data from mobile devices (such as, PDAs and SmartPhones) and non-mobile devices. Regarding security threats, the screen scraper belongs to the malware family in that its similar to malware threats including keyloggers, spyware, bad adware, rootkits, backdoors, and bots.

Screened host firewall

It combines a packet-filtering router with an application gateway located on the protected subnet side of the router.

Screened subnet firewall

Conceptually, it is similar to a dual-homed gateway, except that an entire network, rather than a single host is reachable from the outside. It can be used to locate each component of the firewall on a separate system, thereby increasing throughput and flexibility.

Screening router

A router is used to implement part of a firewall’s security by configuring it to selectively permit or deny traffic at a network level.

Script

(1) A sequence of instructions, ranging from a simple list of operating system commands to full-blown programming language statements, which can be executed automatically by an interpreter. (2) A sequence of commands, often residing in a text file, which can be interpreted and executed automatically. (3) Unlike compiled programs, which execute directly on a computer processor, a script must be processed by another program that carries out the indicated actions.

Scripting language

A definition of the syntax and semantics for writing and interpreting scripts. Typically, scripting languages follow the conventions of a simple programming language, but they can also take on a more basic form such as a macro or a batch file. JavaScript, VBScript, Tcl, PHP, and Perl are examples of scripting languages.

Secrecy

Denial of access to information by unauthorized individuals.

Secret key

A cryptographic key that is used with a secret key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not being made public. A key used by a symmetric algorithm to encrypt and decrypt data. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure or substitution.

Secret key (symmetric) cryptographic algorithm

A cryptographic algorithm that uses a single, secret key for both encryption and decryption. This is the traditional method used for encryption. The same key is used for both encryption and decryption. Only the party or parties that exchange secret messages know the secret key. The biggest problem with symmetric key encryption is securely distributing the keys. Public key techniques are now often used to distribute the symmetric keys. An encryption algorithm that uses only secret keys. Also known as private-key encryption.

Secure channel

An information path in which the set of all possible senders can be known to the receivers or the set of all possible receivers can be known to the senders, or both.

Secure communication protocol

A communication protocol that provides the appropriate confidentiality, authentication, and content integrity protection.

Secure configuration management

The set of procedures appropriate for controlling changes to a system’s hardware and software structure for the purpose of ensuring that changes will do not lead to violations of the system’s security policy.

Secure erase