InfoSec
The Sarbanes-Oxley Act of 2002 (SOX) is legislation enacted in the US in 2002. The act is also known as the “Public Company Accounting Reform and Investor Protection Act”. Its purpose is to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. This regulation affects all companies listed on stock exchanges in the US.
Unsolicited email which is deceptive and deliberately fraudulent in nature, leading to infection by viruses, identity theft, or even financial loss if instructions described in the messages are followed.
Symbols of security granted by an independent audit organisation to assure that proper security measures have been put into place.
A communication path which can provide some means of protection from security threats.
Secure Multi-purpose Internet Mail Extension (S/MIME) is a specification for encrypting and authenticating MIME data using public key technology.
Secure Sockets Layer (SSL) is a protocol designed to enable encrypted, authenticated communications across the Internet. It is a security layer between the application and transport layers, which protects the application-layer protocols such as HTTP and is transparent to application developers or users. It provides privacy, authentication and message integrity.
SAML is an XML-based framework from OASIS for communicating user authentication, entitlement, and attribute information.
It is any event that could pose a threat to the availability, integrity and confidentiality of an information system.
Security management systems are responsible for controlling access to network resources, such as functions that enable the changing of passwords and alter the identifications and security classes of communications channels including integrity and resilience of the management capability.
A top-level directive statement that guides and determines decisions concerning security in a system.
Security Risk Assessment can be defined as a process of evaluating security risks, which are related to the use of information technology. It can be used as a baseline for showing the amount of change since the last assessment, and how many more changes are required in order to meet the security requirements.
Segregation of duties is a concept in internal control that requires critical functions to be divided into steps among different individuals so as to prevent a single individual from subverting a critical process.
It allows a client to identify that it is communicating with the target party, not a malicious third party.
Service Set Identifier (SSID) is a configurable identification that allows wireless clients to communicate with an appropriate access point. With proper configuration, only clients with the correct SSID can communicate with the access points.
A session key is a symmetric key which encrypts a message or session, in order to protect data during transmission. It is created at the beginning of a communications session.
Shared Key Authentication is a standard challenge and response mechanism that makes use of WEP and the shared secret key to provide authentication.
Shoulder attack is an attack in which an attacker might be able to observe what one types and hence steal the password, either by direct observation, looking over one’s shoulder, or by indirect monitoring, using a camera while one types in the password.
Simple Key Management for Internet Protocol (SKIP) is an authentication / encryption system that secures the network at the IP packet level.
Single sign-on is an access control mechanism that requires a user to log in only once and be authenticated automatically by all other service providers.
A tamper-resistant card with a chip storing an encrypted password or the private key, which makes it difficult for an intruder to sniff or steal.
SMiShing is phishing by means of Short Message Service (SMS). Similar to the Internet phishing attack, attackers attempt to fool mobile users with bogus text messages that connect to websites where malicious code can be downloaded to their mobile devices.
An act using social interactions such as lying, play acting or verbal wording to trick legitimate users into revealing secrets of the systems, such as the user lists, user passwords and network architecture.
Spam refers to bulk unsolicited electronic messages sent in the form of email, fax or short messages, etc., regardless of whether the recipients have given any consent to receive them, or even after the recipients have requested not to receive them any more.
SPIT is spamming targeted at VoIP. It leaves unsolicited marketing voice messages at the target IP phones.
Spam honeypot is a honeypot designed to attract spammers to attack, and hence to study spam and email harvesting activities.
Spammer is a person who sends spam messages.
SPIM is spam spread via instant messaging (IM). It is sometimes called IM spam.
Spyware is software that secretly forwards information about a user's online activities to third parties without the user's permission.
An SSL VPN allows users to connect to the VPN devices using their Web browsers. The SSL (Secure Sockets Layer) protocol or TLS (Transport Layer Security) protocol is used to encrypt the traffic between the Web browser and the SSL VPN device.
A virus that actively seeks to conceal itself from discovery or defends itself against attempts to analyse or remove it.
Copyright 2002. The Government of the Hong Kong Special Administrative Region.