home/glossary/Nouns · S

Glossary · Nouns · S

L1 — paginated flat list. Pick a POS, pick a letter.

TermTypeDefinitionClassificationsUpdated
Secure CommunicationsnounMWETelecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems.CapabilityRegulatedCUIMay 12, 2026
secure development practicenounMWEA software development practice where the confidentiality, integrity, and availability of the software code is protected against threats and vulnerabilities.ProcessRegulatedIPMay 9, 2026
secure disposalnounMWEThe process of erasing or overwriting data stored on media before relinquishing control of said media when no longer required, in a manner that ensures that no data can be recovered from the media.ProcessRegulatedMay 9, 2026
Secure DNSnounMWEConfiguring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.NetworkMay 9, 2026
Secure Electronic TransactionnounMWEA standard that will ensure that credit card and associated payment order information travels safely and securely between the various involved parties on the Internet.FrameworkRegulatedPCIMay 9, 2026
Secure ErasenounMWEAn overwrite technology using firmware-based process to overwrite a hard drive. Is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.ControlRegulatedMay 9, 2026
Secure Hash AlgorithmnounMWEA hash algorithm with the property that is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.CapabilityMay 12, 2026
Secure Hash StandardnounMWEThis Standard specifies secure hash algorithms -SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 -for computing a condensed representation of electronic data (message). When a message of any length less than 264 bits (for SHA-1, SHA-224 and SHA-256) or less than 2128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm.FrameworkPublicMay 12, 2026
Secure Multipurpose Internet Mail ExtensionsnounMWEProvides cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption) to provide a consistent way to send and receive MIME data. (RFC 2311)ControlMay 9, 2026
Secure ShellnounMWENetwork protocol that uses cryptography to secure communication, remote command line log-in, and remote command execution between two networked computers.NetworkMay 12, 2026
Secure Socket LayernounMWEA protocol used for protecting private information during transmission via the Internet. Note: SSL works by using a public key to encrypt data that's transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:.”NetworkRegulatedPCIMay 12, 2026
Secure Socket Layer (SSL)nounMWEA protocol that is used to transmit private documents through the Internet.NetworkMay 9, 2026
Secure Sockets LayernounMWEA protocol that is used to transmit private documents through the Internet Scope Note: The SSL protocol uses a private key to encrypt the data that are to be transferred through the SSL connection.NetworkRegulatedMay 12, 2026
Secure StatenounMWECondition in which no subject can access any object in an unauthorized manner.ControlMay 9, 2026
Secure SubsystemnounMWESubsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.SystemRegulatedMay 12, 2026
Secure/Multipurpose Internet Mail ExtensionsnounMWEA set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard [MIME] and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).ControlRegulatedMay 12, 2026
Secured BondnounMWEa bond that is back by collateralverifiedMay 18, 2026
Securely ProvisionnounMWEA NICE Workforce Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.ProcessMay 9, 2026
Securenessnounthe quality of being fixed in place as by some firm attachmentverifiedMay 18, 2026
Securernounsomeone who obtains or acquiresverifiedMay 18, 2026
Securities AnalystnounMWEan analyst who studies the financial performance of corporationsverifiedMay 18, 2026
Securities FirmnounMWEa stock broker's businessverifiedMay 18, 2026
Securities IndustrynounMWEthe securities markets in the aggregateverifiedMay 18, 2026
Securities LawnounMWEthe body of laws governing the issuance and selling of securitiesverifiedMay 18, 2026
Securities MarketnounMWEan exchange where security trading is conducted by professional stockbrokersverifiedMay 18, 2026
SecuritynounA condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.CapabilityMay 9, 2026
security alertnounMWEAny form of notification or alert structure that something is amiss with the system's configuration, settings, etc.EventMay 9, 2026
Security architecturenounMWEA detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.FrameworkMay 9, 2026
Security as a ServicenounMWEThe next generation of managed security services dedicated to the delivery, over the Internet, of specialized information-security services.CapabilityMay 9, 2026
Security Assertion Markup LanguagenounMWEA framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called “assertions,” enhancing the interoperability between disparate applications.FrameworkMay 12, 2026
security assessment reportnounMWEAny published finding of security component audits such as a vulnerability assessment.ArtifactConfidentialMay 9, 2026
Security AssociationnounMWEA relationship established between two or more entities to enable them to protect data they exchange.ControlMay 9, 2026
Security AttributenounMWEAn abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.DataRegulatedCUIMay 9, 2026
Security auditnounMWEAn independent review and examination of system records and activities to test for adequacy of system controls, ensure compliance with established policy and operational procedures, and recommend any indicated changes in control, policy, and procedures.ProcessRegulatedMay 9, 2026
security automationnounMWEThe use of information technology in place of manual processes for cyber incident response and management.CapabilityMay 12, 2026
Security Automation DomainnounMWEAn information security area that includes a grouping of tools, technologies, and data.CapabilityMay 12, 2026
Security Awareness programnounMWEThe documented plan and documented activities to create well-informed interest in being free from danger or threat.ProcessRegulatedCUIMay 9, 2026
security awareness trainingnounMWEThe process of educating personnel on critical business processes.ProcessInternalMay 9, 2026
Security BannernounMWEA banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource.ControlRegulatedCUIMay 12, 2026
Security BlanketnounMWEa blanket (or toy) that a child carries around in order to reduce anxietyverifiedMay 18, 2026
Security breachnounMWEA security event that results in unauthorized access of data, applications, services, networks, or devices by bypassing underlying security mechanisms.EventRegulatedMay 9, 2026
Security CategorizationnounMWEThe process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.ProcessRegulatedCUIMay 12, 2026
Security CategorynounMWEThe characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.RequirementRegulatedMay 12, 2026
Security Concept of OperationsnounMWEA security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.ArtifactRestrictedCUIMay 12, 2026
Security ConsultantnounMWEan adviser about alarm systems to prevent burglariesverifiedMay 18, 2026
Security Content Automation ProtocolnounMWEA method for using specific standardized testing methods to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements.FrameworkMay 9, 2026
security controlnounMWEA safeguard or countermeasure to avoid, counteract or minimize security risks relating to personal property, or any company property. For business-to-business facing organizations whose service may affect the financial statements of the other company, the prospect may require successful audit reports of policy controls.ControlRegulatedMay 9, 2026
Security Control AssessmentnounMWEThe testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.ControlRegulatedCUIMay 9, 2026
Security Control AssessornounMWEThe individual, group, or organization responsible for conducting a security control assessment.RoleMay 9, 2026
Security Control BaselinenounMWEOne of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253.ControlRegulatedMay 9, 2026
Security Control EffectivenessnounMWEThe measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.MetricMay 9, 2026
Security Control EnhancementsnounMWEStatements of security capability to: (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control.ControlMay 9, 2026
Security Control InheritancenounMWEA situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.ControlMay 9, 2026
Security Controls BaselinenounMWEThe set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.RequirementRegulatedCUIMay 9, 2026
Security DepartmentnounMWEa department responsible for the security of the institution's property and workersverifiedMay 18, 2026
Security DepositnounMWEthe amount of collateral a customer deposits with a broker when borrowing from the broker to buy securitiesverifiedMay 18, 2026
Security DomainnounMWEA collection of entities to which applies a single security policy executed by a single authority.FrameworkMay 12, 2026
Security EngineeringnounMWEAn interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.CapabilityMay 12, 2026
security eventnounMWEAn event that potentially compromises the confidentiality, integrity, availability, or accountability of an information system.EventRegulatedMay 12, 2026
Security Event LognounMWEThis record contains records of any security-related and auditing-related events.EventRegulatedCUIMay 12, 2026
Security Fault AnalysisnounMWEAn assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.ProcessMay 12, 2026
Security Features Users GuidenounMWEGuide or manual explaining how the security mechanisms in a specific system work.ArtifactInternalMay 12, 2026
Security FilternounMWEA secure subsystem of an information system that enforces security policy on the data passing through it.ControlMay 9, 2026
Security ForcenounMWEa privately employed group hired to protect the security of a business or industryverifiedMay 18, 2026
Security FunctionsnounMWEThe hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.CapabilityMay 9, 2026
Security GoalsnounMWEThe five security goals are confidentiality, availability, integrity, accountability, and assurance.RequirementMay 12, 2026
Security GuardnounMWEa guard who keeps watchverifiedMay 18, 2026
Security Impact AnalysisnounMWEThe analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.ProcessInternalMay 12, 2026
security incidentnounMWEAn adverse event where a threat or exploit may compromise a computer system and cause: loss of data confidentiality, disruption of system or data integrity, or disruption or denial of availability of the system and/or data.EventRegulatedMay 12, 2026
security incident response plannounMWEThe steps taken during an incident. An incident response plan brings together and organizes the resources for dealing with any event that harms or threatens the security of information assets. Such an event may be a malicious code attack, an unauthorized access to information or systems, the unauthorized use of services, a denial of service attack, or a hoax.ProcessRegulatedMay 9, 2026
Security Information and Event ManagementnounMWEApplication that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.CapabilityMay 12, 2026
Security InspectionnounMWEExamination of an information system to determine compliance with security policy, procedures, and practices.ProcessMay 9, 2026
Security IntelligencenounMWEintelligence on the identity and capability and intentions of hostile individuals or organizations that may be engaged in espionage or sabotage or subversion or terrorismverifiedMay 18, 2026
Security InterestnounMWEany interest in a property that secures the payment of an obligationverifiedMay 18, 2026
Security KernelnounMWEHardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.SystemRegulatedMay 12, 2026
Security LabelnounMWEInformation that represents or designates the value of one or more security relevant-attributes (e.g., classification) of a system resource.ControlRegulatedMay 12, 2026
Security LevelnounMWEA hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.MetricMay 12, 2026
Security lognounMWEA record that contains log-in and logout activity and other security-related events and that is used to track security-related information on a computer system.ArtifactRegulatedMay 12, 2026
Security Management DashboardnounMWEA tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.CapabilityMay 9, 2026
Security MarkingnounMWEHuman-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.ArtifactRegulatedCUIMay 9, 2026
Security MeasuresnounMWEmeasures taken as a precaution against theft or espionage or sabotage etc.verifiedMay 18, 2026
Security MechanismnounMWEA device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.ControlMay 12, 2026
Security metricsnounMWEA standard of measurement used in management of security-related activitiesMetricMay 9, 2026
Security Net Control StationnounMWEManagement system overseeing and controlling implementation of network security policy.SystemRegulatedCUIMay 9, 2026
Security ObjectivenounMWEConfidentiality, integrity, or availability.RequirementMay 12, 2026
security operations centrenounMWEA function or service responsible for monitoring, detecting and isolating incidents.CapabilityMay 12, 2026
security patchnounMWEComputer code intended to repair or lessen the impact of vulnerabilities within application software.ControlRegulatedMay 12, 2026
security patchingnounMWEThe purpose of this task is to distribute patches to apply security patches to organizational operating systems and applications.ProcessRegulatedMay 9, 2026
security patching processnounMWEThe series of steps taken to acquire, test, and distribute security patches to the appropriate administrators and users throughout the organization.ProcessRegulatedMay 9, 2026
Security perimeternounMWEA physical or logical boundary that is defined for a system, domain, or enclave, within which a particular security policy or security architecture is applied.ControlMay 9, 2026
security personnelnounMWEIndividuals who protect people, facilities, and information for an organization.RoleMay 9, 2026
Security PlannounMWEFormal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See ‘System Security Plan’ or ‘Information Security Program Plan.’ArtifactRestrictedMay 9, 2026
security policynounMWEA set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.RequirementMay 9, 2026
Security PosturenounMWEThe security status of an enterprise’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.MetricInternalMay 12, 2026
security practicenounMWEThe actions an organization takes to initiate, implement, and maintain organizational security.ProcessRegulatedMay 9, 2026
Security procedure agreementnounMWEAn agreement between a financial institution and a Federal Reserve Bank whereby the financial institution agrees to certain security procedures if it uses an encrypted communications line with access controls for the transmission or receipt of a payment order to or from a Federal Reserve Bank.RequirementMay 9, 2026
security processnounMWEA series of actions that ensure the protection of data.ProcessMay 12, 2026
Security Program ManagementnounMWEIn the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).ProcessMay 9, 2026
Security Program PlannounMWEFormal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.ArtifactRestrictedCUIMay 12, 2026
Security RangenounMWEHighest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.RequirementRegulatedCUIMay 12, 2026