Index for glossary S
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act of 2002 (SOX) is legislation enacted in the US in 2002. This act is also known as the “Public Company Accounting Reform and Investor Protection Act”. The purpose is to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. This regulation affects all companies listed on stock exchanges in the US.
Scam Email
Unsolicited email which is deceptive and deliberately fraudulent in nature, leading to infection by viruses, identity theft, or even financial loss if instructions described in the messages are followed.
Seals of Approval
Symbols of security granted by an independent audit organisation to assure that proper security measures have been put into place.
Secure Channel
A communication path which can provide some means of protection from security threats.
Secure Multi-purpose Internet Mail Extension (S/MIME)
Secure Multi-purpose Internet Mail Extension (S/MIME) is a specification for encrypting and authenticating MIME data using public key technology.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a protocol designed to enable encrypted, authenticated communications across the Internet. It is a security layer between the application and transport layers, which protects the application-layer protocols such as HTTP and is transparent to application developers or users. It provides privacy, authentication and message integrity.
Security Assertion Markup Language (SAML)
SAML is an XML-based framework from OASIS for communicating user authentication, entitlement, and attribute information.
Security Incident
It is any event that could pose a threat to the availability, integrity and confidentiality of an information system.
Security Management System
Security management systems are responsible for controlling access to network resources, such as functions that enable the changing of passwords and the altering of the identifications and security classes of communications channels, including integrity and resilience of the management capability.
Security Policy
A top-level directive statement that guides and determines decisions concerning security in a system.
Security Risk Assessment
Security Risk Assessment can be defined as a process of evaluating security risks related to the use of information technology. It can be used as a baseline for showing the amount of change since the last assessment, and how many more changes are required in order to meet the security requirements.
Segregation of Duties
Segregation of duties is a concept in internal control that requires critical functions to be divided into steps among different individuals so as to prevent a single individual from subverting a critical process.
Server Authentication
It allows a client to identify that it is communicating with the target party, not a malicious third party.
Service Set Identifier (SSID)
Service Set Identifier (SSID) is a configurable identification that allows wireless clients to communicate with an appropriate access point. With proper configuration, only clients with the correct SSID can communicate with the access points.
Session Key
A session key is a symmetric key which encrypts a message or session, in order to protect data during transmission. It is created at the beginning of a communications session.
Shared Key Authentication
Shared Key Authentication is a standard challenge and response mechanism that makes use of WEP and the shared secret key to provide authentication.
Shoulder Attack
A shoulder attack is an attack in which an attacker might be able to observe what one types and hence steal the password, either by direct observation (looking over one’s shoulder) or by indirect monitoring (using a camera while one types in the password).
Simple Key Management for Internet Protocol (SKIP)
Simple Key Management for Internet Protocol (SKIP) is an authentication / encryption system that secures the network at the IP packet level.
Single Sign-On (SSO)
Single sign-on is an access control mechanism that requires a user to log in only once and be authenticated automatically by all other service providers.
Smart Card
A tamper-resistant card with a chip storing an encrypted password or the private key, which makes it difficult for an intruder to sniff or steal.
SMiShing
SMiShing is phishing by means of Short Message Service (SMS). Similar to the Internet phishing attack, attackers attempt to fool mobile users with bogus text messages that connect to websites where malicious code can be downloaded to their mobile devices.
Social Engineering
An act using social interactions such as lying, play-acting or verbal wording to trick legitimate users into giving up secrets of the systems, such as the user lists, user passwords and network architecture.
Spam
Spam refers to bulk unsolicited electronic messages sent in the form of e-mail, fax or short messages, etc., regardless of whether the recipients have given any consent to receive such messages, or even after the recipients have requested not to receive them any more.
SPam over Internet Telephony (SPIT) Attack
SPIT is spamming targeted at VoIP. It leaves unsolicited marketing voice messages at the target IP phones.
Spam Honeypot
A spam honeypot is a honeypot designed to attract attacks from spammers, in order to study spam and email harvesting activities.
Spammer
A spammer is a person who sends spam messages.
SPIM
SPIM is spam spread via instant messaging (IM). It is sometimes called IM spam.
Spyware
Spyware is software that secretly forwards information about a user's online activities to third parties without the user's permission.
SSL VPN
An SSL VPN allows users to connect to the VPN devices using their Web browsers. The SSL (Secure Sockets Layer) protocol or TLS (Transport Layer Security) protocol is used to encrypt the traffic between the Web browser and the SSL VPN device.
Stealth Virus
A virus that actively seeks to conceal itself from discovery or defends itself against attempts to analyse or remove it.