Читаем CISSP Practice полностью

(1) A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g., plaintext/ciphertext pairs for a given encryption algorithm). (2) A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or module. The average amount of work needed is 2 raised to the power of (security strength minus 1). The security strength, sometimes, is referred to as a security level.

Security tag

An information unit containing a representation of certain security-related information (e.g., a restrictive attribute bit map).

Security target (ST)

A set of security requirements and specifications drawn from the Common Criteria (CC) for IT security evaluation to be used as the basis for evaluation of an identified target of evaluation (TOE). It is an implementation-dependent statement of security needs for a specific identified TOE.

Security test & evaluation (ST&E)

It is an examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.

Security testing

The major goal is to determine that an information system protects data and maintains functionality as intended. It is a process used to determine that the security features of a computer system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification. The purpose is to assess the robustness of the system and to identify security vulnerabilities. This is a management and preventive control.

Security vulnerability

A property of system requirements, design, implementation, or operation that could be accidentally triggered or intentionally exploited and result in a security failure.

Security zone (WMAN/WiMAX)

A security zone (SZ) is a set of trusted relationships between a base station (BS) and a group of relay stations (RSs) in WiMAX architecture. An RS can only forward traffic to RSs or subscriber stations (SSs) within its security zone.

Seed key

It is the initial key used to start an updating or key generation process.

Seed RNG

Seed is a secret value that is used once to initialize a deterministic random bit generator in order to generate random numbers and then is destroyed.

Seeding model

A seeding model can be used as an indication of software reliability (i.e., error detection power) of a set of test cases.

Seepage

The accidental flow to unauthorized individuals of data or information, access to which is presumed to be controlled by computer security safeguards.

Self-signed certificate

A public key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data, but does not guarantee authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them.

Sendmail attack

Involves sending thousands of e-mail messages in a single day to unwitting e-mail receivers. It takes a long time to read through the subject lines to find the desired e-mail, thus wasting the receiver’s valuable time. This is a form of spamming attack. Recent sendmail attacks fall into the categories of remote penetration, local penetration, and remote DoS.

Sensitive data

Data that require a degree of protection due to the risk and magnitude of loss or harm which could result from inadvertent or deliberate disclosure, alteration, or destruction of the data (e.g., personal or proprietary data). It includes both classified and sensitive unclassified data.

Sensitive label

A piece of information that represents the security level of an object. It is the basis for mandatory access control decisions. Compare with security label.

Sensitive levels

A graduated system of marking (e.g., low, moderate, and high) information and information processing systems based on threats and risks that result if a threat is successfully conducted.

Sensitive security parameter (SSP)

Sensitive security parameter (SSP) contains both critical security parameter (CSP) and public security parameter (PSP). In other words, SSP = CSP + PSP.

Sensitive system

A computer system that requires a degree of protection because it processes sensitive data or because of the risk and magnitude of loss or harm that could result from improper operation or deliberate manipulation of the application system.

Sensitivity analysis