Читаем CISSP Practice полностью

An established basis of performance used to determine quality and acceptability. A published statement on a topic specifying characteristics, usually measurable, that must be satisfied or achieved in order to comply with the standard.

Standalone system

A small office/home office (SOHO) environment.

Standard generalized markup language (SGML)

A markup language used to define the structure and to manage documents in electronic form.

Standard user account

A user account with limited privileges that will be used for general tasks such as reading e-mail and surfing the Web.

Star topology

Star topology is a network topology in which peripheral nodes are connected to a central node (station) in that all stations are connected to a central switch or hub. An active star network has an active central node that usually has the means to prevent echo-related problems.

State attacks

Asynchronous attacks that deal with timing differences and changing states. Examples include time-of-check to time-of-use (TOC-TOU) attack and race conditions.

Stateful inspection

Packet filtering that also tracks the state of connections and blocks packets that deviate from the expected state.

Stateful protocol analysis

A firewalling capability that improves upon standard stateful inspection by adding basic intrusion detection technology. This technology consists of an inspection engine that analyzes protocols at the application layer to compare vendor-developed profiles of benign protocol activity against observed events to identify deviations, allowing a firewall to allow or deny access based on how an application is running over a network.

Stateless inspection

See “Packet filtering.”

State transition diagram (STD)

It shows how a system moves from one state to another, or as a matrix in which the dimensions are state and input. STDs detects errors such as incomplete requirements specifications and inconsistent requirements. STDs represent a sequential, natural flow of business transactions. STD are used in real-time application systems to express concurrency of tasks. They are also called state charts.

Static key

It is a key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme. Static key is in contrast with an ephemeral key, where the latter is used for a short period of time.

Static key agreement key pairs

Static key agreement key pairs are used to establish shared secrets between entities, often in conjunction with ephemeral key pairs. Each entity uses their private key agreement key(s), the other entity’s public key agreement key(s) and possibly their own public key agreement key(s) to determine the shared secret. The shared secret is subsequently used to derive shared keying material. Note that in some key agreement schemes, one or more of the entities may not have a static key agreement pair.

Static separation of duty (SSOD)

As a security mechanism, SSOD addresses two separate but related problems: static exclusivity and assurance principle.

Static exclusivity is the condition for which it is considered dangerous for any user to gain authorization for conflicting sets of capabilities (e.g., a cashier and a cashier supervisor). The motivations for exclusivity relations include, but are not limited to, reducing the likelihood of fraud or preventing the loss of user objectivity.

Assurance principle is the potential for collusion where the greater the number of individuals that are involved in the execution of a sensitive business function, such as purchasing an item or executing a trade, the less likely any one user will commit fraud or that any few users will collude in committing fraud.

Separation of duties constraints may require that two roles be mutually exclusive, because no user should have the privileges from both roles. Popular SSOD policies are the RBAC and RuBAC.

Static Web documents

Static Web documents (pages) are written in HTML, XHTML, ASCII, JPEG, XML, and XSL.

Stealth mode

Operating an intrusion detection and prevention sensor without IP addresses assigned to its monitoring network interfaces.

Steering committee

A group of management representatives from each user area of IT services that establishes plans and priorities and reviews project’s progress and problems for the purpose of making management decisions.

Steganography

Deals with hiding messages and obscuring who is sending or receiving them. The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format.