
One of two generally possible states in which a computer system may operate and in which only certain privileged instructions may be executed. The other state in which a computer system may operate is the problem state, in which privileged instructions may not be executed. The distinction between the supervisor state and the problem state is critical to the integrity of the system.

Supplementary controls

The process of adding security controls or control enhancements to a baseline security control in order to adequately meet the organization’s risk management needs. These are considered additional controls; after comparing the tailored baseline controls with security requirements definition or gap analysis, these controls are added to make up for the missing or insufficient controls.

Supply chain

A system of organizations, people, activities, information, and resources involved in moving a product or service from supplier/producer to consumer/customer. It uses a defense-in-breadth strategy.

Supply chain attack

An attack that allows an adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data or manipulate IT hardware, software, operating systems, IT peripherals or services at any point during the life cycle of a product or service.

Support software

All software that indirectly supports the operation of a computer system and its functional applications such as macroinstructions, call routines, and read and write routines.

Supporting controls

Generic controls that underlie most IT security capabilities. These controls must be in place in order to implement other controls, such as prevent, detect, and recover. Examples include identification, cryptographic key management, security administration, and system protection.

Susceptibility analysis

Examination of all susceptibility information to identify the full range of mitigation desired or possible that can diminish the impacts from exposure of vulnerabilities or access by threats.

Suspended state

The cryptographic key life cycle state used to temporarily remove a previously active key from that status while making provisions for later returning the key to active status, if appropriate.

Symbolic links

A symbolic link or symlink is a file that points to another file. Often, there are programs that will change the permissions granted to a file. If these programs run with privileged permissions, a user could strategically create symlinks to trick these programs into modifying or listing critical system files.

Symmetric key algorithm

A cryptographic algorithm that uses the same secret key for an operation and its complement (e.g., encryption and decryption, or creating a message authentication code and verifying the code).

Symmetric key cryptography

(1) A cryptographic key that is used to perform both the cryptographic operation and its inverse (e.g., to encrypt and decrypt a message, or to create a message authentication code and verify the code). (2) A single cryptographic key that is used with a secret (symmetric) key algorithm.

Synchronization (SYN) flood attack

(1) A stealth attack because the attacker spoofs the source address of the SYN packet, thus making it difficult to identify the perpetrator. (2) A method of overwhelming a host computer on the Internet by sending the host a high volume of SYN packets requesting a connection but never responding to the acknowledgement packets returned by the host. In some cases, the damage can be very serious. (3) A method of disabling a system by sending more SYN packets than its networking code can handle.

Synchronization protocols

Protocols that allow users to view, modify, and transfer or update data between a cell phone or personal digital assistant (PDA) and a PC or vice versa. The two most common synchronization protocols are Microsoft’s ActiveSync and Palm’s HotSync.

Synchronous communication

The transmission of data at very high speeds using circuits in which the transfer of data is synchronized by electronic clock signals. Synchronous communication is used within the computer and in high-speed mainframe computer networks.

Synchronous optical network (SONET)

A physical layer standard that provides an international specification for high-speed digital transmission via optical fiber. At the source interface, signals are converted from electrical to optical form. They are then converted back to electrical form at the destination interface.

Synchronous transmission

The serial transmission of a bit stream in which each bit occurs at a fixed time interval and the entire stream is preceded by a specific combination of bits that initiate the timing.

Syntax error
