S
Safety: Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
Salting: An additional safeguard that’s used to strengthen hash functions
Scareware: Malware that employs tactics to frighten users into infecting their device
Search Processing Language (SPL): Splunk’s query language
Secure File Transfer Protocol (SFTP): A secure protocol used to transfer files from one device to another over a network
Secure Shell (SSH): A program to log into another computer over a network, execute commands on a remote machine, and move files from one machine to another. Also, a security protocol used to create a shell with a remote system.
Secure Sockets Layer (SSL): A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that’s transferred over the SSL connection.
Security Architecture: A type of security design composed of multiple components,
Security Audit: A review of an organization’s security controls, policies, and procedures against a set of expectations.
Security Controls: Safeguards designed to reduce specific security risks
Security Ethics: Guidelines for making appropriate decisions as a security.
Security Frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security Governance: Practices that help support, define, and direct security efforts
Security Hardening: The process of strengthening a system to reduce its vulnerabilities and attack surface.
Security Information and Event Management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization
Security Mindset: The ability to evaluate risk and constantly seek out and identify the
Security Operations Center (SOC): An organizational unit dedicated to monitoring
Security Orchestration, Automation, and Response (SOAR): A collection of applications, tools, and workflows that use automation to respond to security events
Security Policy: A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Security Posture: An organization’s ability to manage its defense of critical assets and data and react to change
Security Zone: A segment of a company’s network that protects the internal network from the internet
Select: The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Sensitive Data: A type of data that includes personally identifiable information (PII),
Sensitive Information: Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
Sensitive Personally Identifiable Information (SPII): A specific type of PII that falls
Separation of Duties: Separation of duties is the principle of splitting privileges among multiple individuals or systems.
Server: A system entity that provides a service in response to requests from other system entities called clients.
Session: A session is a virtual connection between two hosts by which network traffic is passed.
Session Cookie: A token that websites use to validate a session and determine how
Session Hijacking: Taking over a session that someone else has established. An event in which attackers obtain a legitimate user’s session ID.
Session ID: A unique token that identifies a user and their device while accessing a
Session: A sequence of network HTTP requests and responses associated with the
Set Data: Data that consists of an unordered collection of unique values
SHA1: A one-way cryptographic hash function. Also, see “MD5.”
Share: A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).
Shared Responsibility: The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
Shell: A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its “C:>” prompts and user commands such as “dir” and “edit”). The command-line interpreter.
Signature Analysis: A detection method used to find events of interest
Signature: A pattern that is associated with malicious activity
Simple Network Management Protocol (SNMP): A network protocol used for monitoring and managing devices on a network
Single sign-on (SSO): A technology that combines several different logins into one
single threat actor, known as the “bot-herder”
Smartcard: A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.
Smishing: The use of text messages to trick users to obtain sensitive information or to
Smurf Attack: A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets
Sniffer: A sniffer is a tool that monitors network traffic as it is received in a network interface.
Sniffing: A synonym for “passive wiretapping.”
Social Engineering: A euphemism for non-technical or low-technology means – such as lies, impersonation, tricks, bribes, blackmail, and threats – used to attack information systems.
Social Media Phishing: A type of attack where a threat actor collects detailed
SOCKS: A protocol that a proxy server can use to accept requests from client users in a company’s network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.
Software: Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.
Source Port: The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.
Spam: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spanning Port: Configures the switch to behave like a hub for a specific port.
Spear Phishing: A malicious email attack targeting a specific user or group of users,
Speed: The rate at which a device sends and receives data, measured by bits per second
Splunk Cloud: A cloud-hosted tool used to collect, search, and monitor log data
Splunk Enterprise: A self-hosted tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time
Spoof: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
Spyware: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. Malware that’s used to gather and sell information without consent.
SQL (Structured Query Language): A programming language used to create, interact
SQL Injection: SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database. An attack that executes unexpected queries on a database.
Stakeholder: An individual or group that has an interest in any decision or activity of
Standard error: An error message returned by the OS through the shell
Standard input: Information received by the OS via the command line
Standard output: Information returned by the OS through the shell
Standards: References that inform how to set policies
STAR Method: An interview technique used to answer behavioral and situational
Stateful: A class of firewalls that keeps track of information passing through it and proactively filters out threats
Stateless: A class of firewall that operates based on predefined rules and does not keep track of information from data packets
Steganography: Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is “invisible” ink.
Stored XSS Attack: An instance when a malicious script is injected directly into the server
String Concatenation: The process of joining two strings together
String data: Data consisting of an ordered sequence of characters
Style Guide: A manual that informs the writing, formatting, and design of documents
Subnetting: The subdivision of a network into logical groups called subnets
Substring: A continuous sequence of characters within a string
Sudo: A command that temporarily grants elevated permissions to specific users
Supply Chain: A system of organizations, people, activities, information, and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
Supply-chain Attack: An attack that targets systems, applications, hardware, and/or
Suricata: An open-source intrusion detection system, intrusion prevention system, and
Switch: A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted to the ports that are the intended recipients of the data. A device that makes connections between specific devices on a network by sending and receiving data between them.
Symmetric Encryption: The use of a single secret key to exchange information
SYN Flood: A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Synchronization: Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame.
Synchronize (SYN) Flood Attack: A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets
Syntax Error: An error that involves invalid usage of a programming language
Syntax: The rules that determine what is correctly structured in a computing language
Syslog: Syslog is the system logging facility for Unix systems.