S


Safeguards:
Actions that are taken to protect EPHI. There are three types of safeguards: administrative, physical, and technical. Some safeguards are required, while others are addressable. Safeguards are also referred to as controls. There are implementation specifications for most standards.
Security Incident:
Broadly defined in § 164.304 as 'the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.'
Security Officer:
Within the HIPAA regulations, this is a required position (etc), in computer and operational security, this is often a position where etc.
Standard:
Often used to refer to a specific standard, as defined in the HIPAA acts, that needs to be met.
Secure Shell (SSH):
A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure Sockets Layer (SSL):
A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection.
Security or Security Measures:
Encompass all of the administrative, physical, and technical safeguards in an information system. [45 C.F.R. § 164.304].
Security incident:
The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. [45 C.F.R. § 164.304].
Security Policy:
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Server:
A system entity that provides a service in response to requests from other system entities called clients.
Session Hijacking:
Take over a session that someone else has established.
Session Key:
In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
Shadow Password Files:
A system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system.
Simple Network Management Protocol (SNMP):
The protocol governing network management and the monitoring of network devices and their functions; a set of protocols for managing complex networks.
Sniffing:
A synonym for 'passive wiretapping'.
Social Engineering:
A euphemism for non-technical or low-technology means (such as lies, impersonation, tricks, bribes, blackmail, and threats) used to attack information systems.
SOCKS:
A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. Socks uses sockets to represent and keep track of individual connections. The client side of Socks is built into certain Web browsers and the server side can be added to a proxy server.
Spam:
Electronic junk mail or junk newsgroup postings.
Spoof:
Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
Stateful Inspection:
Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination.
Steganography:
Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is 'invisible' ink.
Subnetwork:
A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Switched Network:
A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.
Symmetric Cryptography:
A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called 'secret-key cryptography' (versus public-key cryptography) because the entities that share the key.
Symmetric Key:
A cryptographic key that is used in a symmetric cryptographic algorithm.
SYN flood:
A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.



HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181
