Glossary: S - TEISS®: Cracking Cyber Security

Glossary: S

Scenario The description of a potential or imagined risk that outlines possible threats, vulnerabilities and impacts
Scenario playbook A set of rules, processes and links to resources that guide people through the process of responding to a cyber security breach
Script A file containing commands or instructions to be executed by a computer
Secure Socket Layer (SSL) An encryption system that protects the privacy of data exchanged by a website and the individual user. Used by websites whose URLs begin with https instead of http. Now succeeded by Transport layer security (qv)
Sensitive information Often a classification of information somewhere between Public and Secret. Also a sometimes legally applicable designation of personal information (qv) that includes facts or opinions about “sensitive” topics such as ethnicity, health, criminal activity or sexual preference
Server A computer that has a particular function; for instance a web server would contain websites and allow other computers to access them
Shadow IT Parallel informal corporate networks set up by employees, generally as a way of making their lives easier. See BYOIT, BYOD, BYOC, and BYOA
Shoulder surfing Looking over a person’s shoulder to get confidential information, such as a PIN at an ATM machine or a password on a website
Shylock Malware designed to steal banking details
SIEM Security Information and Event Management; a system for detecting attempted intrusions into IT networks
Signature A distinguishing pattern associated with an attack, such as a string of characters in a virus. See Attack signature
Smishing Phishing (qv) using SMS messaging
Smurf attack A type of Denial of Service attack (qv)
Sniffing The process of capturing valuable information such as passwords when that information is transmitted over a network
Social engineering The use of human-based or low-technology means—such as lies, impersonation, tricks, bribes, blackmail and threats and other tools of the confidence trickster—to attack information systems or to persuade people to behave in a particular way. One can argue that all marketing is social engineering
Social media crisis A wave of negative social media posts, usually amplified by commercial media, about an organisation’s products or services, that can cause reputational damage (qv)
Social networking Websites focused on the building of social networks; is a popular example. Users of these sites create online profiles, post pictures and share personal data such as their contact information, birthdays, hobbies, and location. Business secrets are sometimes inadvertently leaked via these sites. Similarly, people can put themselves at risk of phishing (qv) attacks by oversharing personal information
Spam Unsolicited email sent to large numbers of people in the hope that at least some will respond; often used in phishing (qv) attacks
Spear phishing A phishing (qv) email sent to an individual or employees of a particular organization, containing personalised and relevant information that makes the email appear highly credible
Spoofing Creating a false identity. Email addresses can be spoofed to fool recipients into thinking that the message comes from a particular person when in fact it comes from a hacker. Also, as part of a DDoS attack, hackers will “spoof” the IP addresses from which they are sending the large amounts of traffic designed to take down a website; because the IP addresses are non-existent (spoofed), the website server has trouble responding to them and is more likely to stall. See IP spoofing and Email spoofing
Spyware Software that records your behaviour on a computer; often used by advertising companies to record which websites you have visited, but it can also be used by hackers to steal sensitive information
SQL injection The corruption of a database by the use of a database command (using the SQL computer language) that is “injected” into the database via a form (e.g. a Log In form) in a website or the address of a web page
SSL See Secure Socket Layer
Supply chain attack Attacks that involve implanting rootkits (qv) or other malware into software or machinery during its manufacture so that it arrives at the end customer with hacking or spying tools ready to go
SYN flood attack A type of Denial of Service attack (qv)
