
A definition of the syntax and semantics for writing and interpreting scripts. Typically, scripting languages follow the conventions of a simple programming language, but they can also take on a more basic form such as a macro or a batch file. JavaScript, VBScript, Tcl, PHP, and Perl are examples of scripting languages.

Secrecy

Denial of access to information by unauthorized individuals.

Secret key

A cryptographic key that is used with a secret key (symmetric) cryptographic algorithm, is uniquely associated with one or more entities, and is not made public. A key used by a symmetric algorithm to encrypt and decrypt data. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure or substitution.

Secret key (symmetric) cryptographic algorithm

A cryptographic algorithm that uses a single, secret key for both encryption and decryption. This is the traditional method used for encryption. The same key is used for both encryption and decryption. Only the party or parties that exchange secret messages know the secret key. The biggest problem with symmetric key encryption is securely distributing the keys. Public key techniques are now often used to distribute the symmetric keys. An encryption algorithm that uses only secret keys. Also known as private-key encryption.

Secure channel

An information path in which the set of all possible senders can be known to the receivers or the set of all possible receivers can be known to the senders, or both.

Secure communication protocol

A communication protocol that provides the appropriate confidentiality, authentication, and content integrity protection.

Secure configuration management

The set of procedures appropriate for controlling changes to a system’s hardware and software structure for the purpose of ensuring that changes do not lead to violations of the system’s security policy.

Secure erase

An overwrite technology using a firmware-based process to overwrite a hard drive, such as ATA or SCSI.

Secure hash

A hash value for which it is computationally infeasible to find a message that corresponds to a given message digest, or to find two different messages that produce the same digest.

Secure hash standard

This standard specifies four secure hash algorithms (SHAs): SHA-1, SHA-256, SHA-384, and SHA-512 for computing a condensed representation of electronic data (message) called a message digest. SHAs are used with other cryptographic algorithms, such as the digital signature algorithms and keyed-hash message authentication code (HMAC), or in the generation of random numbers (bits).

Secure hypertext-transfer protocol (S/HTTP)

A message-oriented communication protocol that extends the HTTP protocol. It coexists with HTTP’s messaging model and can be easily integrated with HTTP applications.

Secure multipurpose Internet mail extension (S/MIME)

A protocol for encrypting messages and creating certificates using public key cryptography. S/MIME is supported by default installations of many popular mail clients. It uses a classic, hierarchical design based on certificate authorities for its key management, thus making it suitable for medium- to large-scale implementations.

Secure operating system

An operating system that effectively controls hardware and software functions in order to provide the level of protection appropriate to the value of the data and resources managed by the operating system.

Secure sockets layer (SSL)

(1) A protocol that provides end-to-end encryption of application layer network traffic. It provides privacy and reliability between two communicating applications. It is designed to encapsulate other protocols, such as HTTP. SSL v3.0 has been succeeded by IETF’s TLS. (2) An authentication and security protocol widely implemented in browsers and Web servers for protecting private information during transmission via the Internet.

Secure sockets layer (SSL) and transport layer security (TLS)

SSL is a protocol developed by Netscape for transmitting private documents via the Internet. SSL is based on public key cryptography, used to generate a cryptographic session that is private to a Web server and a client browser. SSL works by using a public key to encrypt data that is transferred over the SSL connection. Most Web browsers support SSL and many websites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https” instead of “http.” SSL has been superseded by the newer TLS protocol. There are only minor differences between SSL and TLS.

Secure state

A condition in which no subject can access any object in an unauthorized manner.

Security

The quality or state of being cost-effectively protected from undue losses (e.g., loss of goodwill, monetary loss, and loss of ability to continue operations). Preservation of the authenticity, integrity, confidentiality, and ensured service of any sensitive or nonsensitive system-valued function and/or information element. Security is a system property. Security is much more than a set of functions and mechanisms. IT security is a system characteristic as well as a set of mechanisms that span the system both logically and physically.

Security administrator

A person dedicated to performing information security functions for servers and other hosts, as well as networks.

Security architecture

A description of security principles and an overall approach for complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security services within various distributed computing environments.

Security assertions markup language (SAML)

(1) An XML-based security specification for exchanging authentication and authorization information between trusted entities over the Internet. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called “assertions,” enhancing the interoperability between disparate applications. (2) A specification for encoding security assertions in the extensible markup language (XML). (3) A protocol consisting of XML-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects and between online business partners.

Security association (SA)

It is a set of values that define the features and protections applied to a connection.

Security association (WMAN/WiMAX)

A security association (SA) is the logical set of security parameters containing elements required for authentication, key establishment, and data encryption.

Security association lifetime

How often each security association (SA) should be recreated, based on elapsed time or the amount of network traffic.

Security assurance

It is the degree of confidence one has that the security controls operate correctly and that they protect the system as intended.

Security attribute

(1) An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information, typically associated with internal data structures (e.g., records, buffers, and files) within the information system and used to enable the implementation of access control and flow control policies, reflect special dissemination, handling or distribution instructions, or support other aspects of the information security policy. (2) A security-related quality of an object that can be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes, which are used to implement a security policy.