Letter: S
- secret key
- Definition: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
- Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
- Related Term(s): symmetric key
- securely provision
- Definition: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
- security automation
- Definition: The use of information technology in place of manual processes for cyber incident response and management.
- security incident
- Synonym(s): incident
- security policy
- Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
- Extended Definition: A rule or set of rules applied to an information system to provide security services.
- security program management
- Definition: In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
- signature
- Definition: A recognizable, distinguishing pattern.
- Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
- situational awareness
- Definition: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
- Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
- software assurance
- Definition: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
- software assurance and security engineering
- Definition: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
- spam
- Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
- spillage
- Synonym(s): data spill, data breach
- spoofing
- Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
- Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
- spyware
- Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
- Related Term(s): keylogger
- strategic planning and policy development
- Definition: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
- subject
- Definition: An individual, process, or device causing information to flow among objects or a change to the system state.
- Extended Definition: An active entity.
- Related Term(s): object, access, access control
- supervisory control and data acquisition
- Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
- Related Term(s): Industrial Control System
- supply chain
- Definition: A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
- Related Term(s): supply chain risk management
- supply chain risk management
- Definition: The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
- Related Term(s): supply chain
- symmetric cryptography
- Definition: A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
- symmetric encryption algorithm
- Synonym(s): symmetric cryptography
- symmetric key
- Definition: A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.
- Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
- Related Term(s): secret key
- system administration
- Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
- system integrity
- Definition: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
- Related Term(s): integrity, data integrity
- systems development
- Definition: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
- systems requirements planning
- Definition: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
- systems security analysis
- Definition: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
- systems security architecture
- Definition: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.