S-GLOSSARY Flashcards Preview


Flashcards in S-GLOSSARY Deck (19)
1
Q

Secret Key

A

A cryptographic key that is used with a secret key (symmetric) cryptographic algorithm, that is uniquely associated with one or more entities and is not made public. The same key is used to both encrypt and decrypt data. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.

2
Q

Secure hash algorithm (SHA)

A

A hash algorithm with the property that it is computationally infeasible

1) to find a message that corresponds to a given message digest, or
2) to find two different messages that produce the same message digest

3
Q

Secure shell (SSH)

A

Network protocol that uses cryptography to secure communication, remote command line login and remote command execution between two networked computers

4
Q

Security information and event management (SIEM)

A

SIEM solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.

5
Q

Security metrics

A

A standard of measurement used in management of security-related activities

6
Q

Segregation/separation of duties (SoD)

A

A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets.
Segregation/separation of duties is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code without detection.

7
Q

Sensitivity

A

A measure of the impact that improper disclosure of information may have on an organization

8
Q

Service delivery objective (SDO)

A

Directly related to business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.

9
Q

Service level agreement (SLA)

A

An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured

10
Q

Session key

A

A single-use symmetric key used for a defined period of communication between two computers, such as for the duration of a single communication session or transaction set

11
Q

Shell programming

A

A script written for the shell, or command line interpreter, of an operating system; it is often considered a simple domain-specific programming language.

12
Q

Sniffing

A

The process by which data traversing a network are captured or monitored

13
Q

Social engineering

A

An attack based on deceiving users or administrators at the target site into revealing confidential or sensitive information

14
Q

Split knowledge/split key

A

A security technique in which two or more entities separately hold data items that individually convey no knowledge of the information that results from combining the items; a condition under which two or more entities separately have key components that individually convey no knowledge of the plaintext key that will be produced when the key components are combined in the cryptographic module

15
Q

Spoofing

A

Faking the sending address of a transmission in order to gain illegal entry into a secure system

16
Q

Software as a service (SaaS)

A

Offers the capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).

17
Q

Standard

A

A mandatory requirement, code of practice or specification approved by a recognized external standards organization, such as the International Organization for Standardization (ISO)

18
Q

Symmetric key encryption

A

System in which a different key (or set of keys) is used by each pair of trading partners to ensure that no one else can read their messages. The same key is used for encryption and decryption.

19
Q

System owner

A

Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system