SLE - (Single Loss Expectancy) - A dollar amount that is assigned to a single event that represents the company's potential loss amount if a specific threat were to take place. [asset value

smurf - An ICMP Echo Request sent to a network broadcast address with the source address spoofed to that of the victim, causing all nodes on that network to respond to the victim with Echo Replies.

social engineering - The act of tricking another person into providing confidential information by posing as an individual who is authorized to receive that information.

software assurance - The level of confidence that software is free from vulnerabilities either intentionally designed into the software or accidentally inserted at any time during its lifecycle and that it functions in the intended manner.

software defined wide area network - An extension of SDN practices to connect entities spread across the internet in support of a WAN architecture, especially in the context of cloud migration.

software-defined networking - An approach to networking that relies on distributed software to provide improved agility and efficiency by centralizing the configuration and control of networking devices.

spoofing - Presenting false information, usually within packets, to trick other systems and hide the origin of the message. This is usually done by hackers so that their identity cannot be successfully uncovered.

SSO - (Single Sign-On) - A technology that allows a user to authenticate one time and then access resources in the environment without needing to reauthenticate.

standards - Rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They are compulsory.

star property - A Bell-LaPadula security model rule that stipulates that a subject cannot write data to an object at a lower security level.

statement coverage - This criterion requires sufficient test cases for each program statement to be executed at least once.

static source code analysis - Analysis of the application source code for finding vulnerabilities without executing the application.

steganography - Hiding something within something else, or data hidden within other data.

strategic goals - Long-term goals that are broad, general statements of intent. Operational and tactical goals support strategic goals and all are a part of a planning horizon.

stream cipher - A cryptosystem that performs its encryption on a bit-by-bit basis.

striping - RAID technique

subject - An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or that changes the system state.

substitution - The process of exchanging one letter or bit for another.

supervisor state - One of several states in which an operating system may operate, and the only one in which privileged instructions may be executed by the CPU.

supervisory control and data acquisition - A system for remotely monitoring and controlling physical systems such as power and manufacturing plants.

switch - Networking device that operates at layer 2 and breaks apart collision domains per port.

symmetric algorithm - An algorithm that operates with a single cryptographic key, which is used for both encryption and decryption of the message.

synthetic performance monitoring - Involves having external agents run scripted transactions against a web application.

synthetic transaction - A transaction that is executed in real time by a software agent to test or monitor the performance of a distributed system.

tabletop exercise - A type of exercise in which participants respond to notional events to test out procedures and ensure they actually do what they're intended to and that everyone knows their role in responding to the events.

TACACS - (Terminal Access Controller Access Control System) - A client/server authentication protocol that provides the same type of functionality as RADIUS and is used as a central access control mechanism mainly for remote users.

tactical goals - Midterm goals to accomplish. These may be milestones to accomplish within a project or specific projects to accomplish in a year. Strategic, tactical, and operational goals make up a planning horizon.

TCB - (Trusted Computing Base) - All of the protection mechanisms within a computer system (software, hardware, and firmware) that are responsible for enforcing a security policy.

TCP - (Transmission Control Protocol) - Provides connection-oriented data management and reliable data transfer through the use of a three-way handshake to establish connections and sequence and acknowledgement numbers for error detection and correction.

TCP/IP Model - (Transmission Control Protocol/Internet Protocol) - Layering model structured into four layers (network interface layer, internet layer, transport (host-to-host) layer, application layer).

teardrop attack - Exploits the reassembly of fragmented IP packets by misusing the fragment offset field, which indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet.

technical controls - These controls, also called logical access control mechanisms, work in software to provide availability, integrity, or confidentiality protection. Some examples are passwords, identification and authentication methods, security devices, auditing, and the configuration of the network.

Tempest - The study and control of spurious electronic signals emitted by electrical equipment. Tempest equipment is implemented to prevent intruders from picking up information through the airwaves with listening devices.

Terminal Access Controller Access Control System - A client/server authentication protocol that provides the same type of functionality as RADIUS and is used as a central access control mechanism mainly for remote users.

threat - Any potential danger that a vulnerability will be exploited by a threat agent.

threat modeling - A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

time multiplexing - Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.

time of check time of use - An attack that takes advantage of the dependency on the timing of events that take place in a multitasking operating system.

TOC TOU - (Time Of Check Time Of Use) - An attack that takes advantage of the dependency on the timing of events that take place in a multitasking operating system.

top-down approach - An approach in which the initiation, support, and direction for a project come from top management and work their way down through middle management and then to staff members.

topology - The physical construction of how nodes are connected to form a network.

total risk - When a safeguard is not implemented, an organization is faced with the total risk of that particular vulnerability.

TPM - (Trusted Platform Module) - A secure crypto processor and storage module.

trademark - A legal right that protects a word, name, product shape, symbol, color, or a combination of these used to identify a product or a company.

transmission control protocol - Provides connection-oriented data management and reliable data transfer through the use of a three-way handshake to establish connections and sequence and acknowledgement numbers for error detection and correction.

transmission control protocol/internet protocol model - Layering model structured into four layers (network interface layer, internet layer, transport (host-to-host) layer, application layer).

transposition - The process of reordering the plaintext to hide the message by using the same letters or bits.

Trojan horse - A computer program that has an apparently or actually useful function, but that also contains hidden malicious capabilities to exploit a vulnerability and/or provide unauthorized access into a system.

trusted computer system - A system that has the necessary controls to ensure the security policy will not be compromised and that can process a range of sensitive or classified information simultaneously.