Term 241
Security pillar
The Security pillar is a set of best practices for designing and operating cloud systems that protect data, systems, and assets through confidentiality, integrity, and availability controls.
Acronym study
Terms 241–270 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 242
A security policy is a formal set of rules and guidelines that an organization establishes to protect its information assets and technology resources.
Term 243
Security posture is an organization's overall cybersecurity strength, including its policies, controls, and readiness to defend against and respond to threats.
Term 244
A security recommendation is a prescribed action, configuration, or update that aims to reduce risk and protect systems, data, and users from known threats or vulnerabilities.
Term 245
A security strategy is a high-level plan that outlines how an organization protects its information assets, aligns security with business goals, and manages risk over time.
Term 246
A security update is a software patch released to fix a vulnerability that could be exploited by attackers to compromise a system.
Term 247
Separation of duties is a security principle that splits critical tasks and privileges among multiple people to prevent fraud, errors, and abuse of power.
Term 248
Serverless security is the practice of protecting applications that run on serverless computing platforms, where the cloud provider manages the infrastructure and the customer is responsible for securing the code, data, and access controls.
Term 249
A Service Control Policy (SCP) is a centralized governance control in AWS Organizations that sets the maximum permissions available to the accounts in an organization, organizational unit, or single account, acting as a guardrail that bounds what principals in those accounts can do. An SCP never grants permissions on its own: an action must also be allowed by the principal's IAM policy, and an explicit deny in an SCP cannot be overridden from inside the account. SCPs do not apply to the management account.
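The "maximum permissions" idea is easiest to see by evaluating a request against both layers. The following is an added example, not taken from the page or from AWS: the SCP is constructed but written in real AWS policy JSON (a common region guardrail), the IAM policy and the evaluator are simplified and hypothetical (only Action/NotAction and StringEquals/StringNotEquals conditions are modelled; resource matching, permissions boundaries, and resource-based policies are ignored).

```python
import fnmatch

# Constructed SCP in AWS policy syntax: allow everything, then deny any
# non-global service call outside two approved regions, and deny leaving the org.
REGION_GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}},
        },
        {"Sid": "DenyLeavingOrg", "Effect": "Deny",
         "Action": "organizations:LeaveOrganization", "Resource": "*"},
    ],
}

# Constructed IAM identity policy for a developer role in a member account.
DEVELOPER_IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "ec2:Describe*"],
         "Resource": "*"},
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _action_matches(patterns, action):
    # IAM action wildcards ("*", "ec2:Describe*") map directly onto fnmatch.
    return any(fnmatch.fnmatchcase(action, p) for p in _as_list(patterns))


def _statement_applies(stmt, action, context):
    """Does the statement cover this action and does its Condition hold?
    Simplified: only StringEquals / StringNotEquals are understood."""
    if "Action" in stmt and not _action_matches(stmt["Action"], action):
        return False
    if "NotAction" in stmt and _action_matches(stmt["NotAction"], action):
        return False
    for op, kv in stmt.get("Condition", {}).items():
        for key, allowed in kv.items():
            actual = context.get(key)  # missing key: StringNotEquals still matches
            if op == "StringEquals" and actual not in _as_list(allowed):
                return False
            if op == "StringNotEquals" and actual in _as_list(allowed):
                return False
    return True


def evaluate_policy(policy, action, context):
    """'Deny' if any applicable statement denies, 'Allow' if one allows,
    None for an implicit deny. Explicit deny always wins."""
    decision = None
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def is_allowed(action, context, scps, iam_policy, is_management_account=False):
    """Simplified AWS decision: every SCP in the path must allow the action,
    and the identity policy must allow it too. SCPs bound, they never grant,
    and they are skipped for principals in the management account."""
    if not is_management_account:
        for scp in scps:
            if evaluate_policy(scp, action, context) != "Allow":
                return False
    return evaluate_policy(iam_policy, action, context) == "Allow"
```

The case to notice is `iam:CreateUser`: the SCP allows it (IAM is excluded from the region deny), yet the request fails because the developer's IAM policy never granted it. The guardrail only ever shrinks the set of permissions.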
Term 250
Shared access is a permission model where multiple users, systems, or services are granted common access rights to a resource such as a file, database, network drive, or cloud storage.
Term 251
A shared access signature (SAS) is a time-limited, signed URL query string, a term from Azure Storage, that grants granular access (for example read-only, on one blob, until a set expiry) to specific resources in cloud storage. The signature is an HMAC computed over the token's fields with the storage account key (or a user delegation key), so the key never leaves the issuer and the storage service can verify the token without sharing it. Anyone holding the token holds the access it grants, so tokens should be short-lived, tightly scoped, and sent only over HTTPS.
Term 252
Shift left security is the practice of integrating security testing and controls earlier in the software development lifecycle, rather than waiting until after deployment.
Term 253
A side-channel attack is a type of security exploit that gathers information from a system by observing its physical or secondary outputs—such as timing, power consumption, or electromagnetic emissions—rather than directly attacking the software or cryptographic algorithm.
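A timing leak in a secret comparison is the smallest side channel worth understanding. The block below is an added example, not part of the page: the secret token is constructed, and the "timing" observation is modelled as the exact number of bytes a comparison examined, which is what elapsed time approximates for an attacker across many samples. It shows a leaky early-exit compare, a constant-time compare, and a byte-by-byte recovery that succeeds only against the leaky one.

```python
import hmac

# Constructed secret for the demo; a real token comes from a secrets store.
SECRET_TOKEN = b"s3cr3t-api-token-0123456789"


def leaky_compare(candidate: bytes, secret: bytes = SECRET_TOKEN):
    """Early-exit comparison. Returns (match, bytes_examined).

    Work stops at the first mismatching byte, so elapsed time reveals how
    long the correct prefix of the candidate is. That is the side channel.
    """
    if len(candidate) != len(secret):
        return False, 0
    for i, (a, b) in enumerate(zip(candidate, secret)):
        if a != b:
            return False, i + 1
    return True, len(secret)


def constant_time_compare(candidate: bytes, secret: bytes = SECRET_TOKEN):
    """Comparison whose work does not depend on where bytes differ.

    Every byte is OR-ed into an accumulator and the verdict is read once at
    the end, so the amount of work is independent of the candidate's content.
    hmac.compare_digest is the stdlib version of the same idea.
    """
    if len(candidate) != len(secret):
        return False, 0  # length mismatch is treated as public information here
    diff = 0
    for a, b in zip(candidate, secret):
        diff |= a ^ b
    return diff == 0, len(secret)


def stdlib_compare(candidate: bytes, secret: bytes = SECRET_TOKEN) -> bool:
    return hmac.compare_digest(candidate, secret)


def recover_via_timing(oracle, length: int) -> bytes:
    """Attacker model: sees only how much work each query cost (bytes_examined),
    never whether an individual byte was right. Proceeds byte by byte: the
    guess that makes the comparison run one byte further is the correct one."""
    recovered = bytearray(length)
    for pos in range(length):
        for guess in range(256):
            recovered[pos] = guess
            matched, examined = oracle(bytes(recovered))
            if matched or examined > pos + 1:
                break
    return bytes(recovered)
```

Against `leaky_compare` the attacker needs at most 256 queries per byte instead of 256 to the power of the length; against `constant_time_compare` the observation is the same for every guess and the recovery returns junk. In practice, in Python, interpreter overhead adds noise on top of the algorithmic leak, but noise only raises the number of samples an attacker needs; it does not close the channel.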
Term 254
SIEM (Security Information and Event Management) is a system that collects, normalizes, and correlates log data from across an IT environment to detect, investigate, and respond to security threats in near real time.
Term 255
A SIEM query is a search command used in a Security Information and Event Management system to find, filter, and analyze security-related log data from across an organization's IT environment.
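What a SIEM query does is clearer when the same correlation is written out by hand. The block below is an added example, not from the page or any SIEM product: the sshd-style log lines are constructed, and the rule ("an accepted login preceded by at least N failures from the same source within a window") is the kind of logic a correlation search expresses in a SIEM's own query language.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style syslog lines for the demo; not from any real host.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
2024-03-01T10:00:04Z host1 sshd[2002]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-03-01T10:00:07Z host1 sshd[2003]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:09Z host1 sshd[2004]: Failed password for root from 203.0.113.5 port 51003 ssh2
2024-03-01T10:00:12Z host1 sshd[2005]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-03-01T10:00:15Z host1 sshd[2006]: Accepted password for root from 203.0.113.5 port 51005 ssh2
2024-03-01T10:05:00Z host1 sshd[2101]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-03-01T10:05:30Z host1 sshd[2102]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
2024-03-01T11:00:00Z host1 sshd[2201]: Failed password for bob from 192.0.2.9 port 41000 ssh2
2024-03-01T11:02:00Z host1 sshd[2202]: Failed password for bob from 192.0.2.9 port 41001 ssh2
2024-03-01T11:04:00Z host1 sshd[2203]: Failed password for bob from 192.0.2.9 port 41002 ssh2
2024-03-01T11:06:00Z host1 sshd[2204]: Failed password for bob from 192.0.2.9 port 41003 ssh2
2024-03-01T11:08:00Z host1 sshd[2205]: Failed password for bob from 192.0.2.9 port 41004 ssh2
2024-03-01T11:08:30Z host1 sshd[2206]: Accepted password for bob from 192.0.2.9 port 41005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(log_text: str):
    """Normalize raw lines into (timestamp, host, outcome, user, src) tuples
    sorted by time. Lines the parser does not understand are skipped, which
    is what a SIEM's field extraction does with unparsed events."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["host"], m["outcome"], m["user"], m["src"]))
    return sorted(events)


def detect_bruteforce_success(log_text: str, threshold: int = 5, window_seconds: int = 60):
    """Correlation rule: an Accepted login preceded by >= threshold Failed
    attempts from the same source inside a sliding window. Returns alerts."""
    recent_failures = defaultdict(deque)  # src -> failure timestamps in window
    alerts = []
    for ts, host, outcome, user, src in parse(log_text):
        q = recent_failures[src]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # slide the window forward
        if outcome == "Failed":
            q.append(ts)
        elif len(q) >= threshold:
            alerts.append({"src": src, "user": user, "host": host,
                           "failures": len(q), "at": ts.isoformat()})
            q.clear()  # one alert per burst
    return alerts
```

On the constructed data only the 203.0.113.5 burst fires with the default 60-second window; bob's slow attempts from 192.0.2.9 are two minutes apart and only trip the rule when the window is widened to ten minutes. Threshold and window are the knobs that decide a query's false-positive and false-negative rate, and they belong in the rule's documentation, not just its code.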
Term 256
SLE (Single Loss Expectancy) is the monetary loss expected each time a specific risk event occurs, calculated as asset value (AV) times exposure factor (EF), where EF is the fraction of the asset's value lost in a single occurrence. Multiplying SLE by the annualized rate of occurrence (ARO) gives the annualized loss expectancy (ALE).
Term 257
Software testing is the process of checking whether a software application works correctly, meets requirements, and is free of defects before it is released to users.
Term 258
Spear phishing is a targeted cyberattack in which a criminal sends a fraudulent message, usually an email, that appears to come from a trusted source and is tailored to a specific person or organization, aiming to trick the target into revealing sensitive data or installing malware.
Term 259
An SSL VPN is a virtual private network that creates an encrypted tunnel for remote users to securely access network resources over the internet, typically through a browser or a lightweight client on TCP port 443. Despite the name, current implementations use TLS; SSL 2.0 and 3.0 are deprecated and should be disabled on the gateway.
Term 260
A storage firewall is a security appliance or software that controls access to storage systems, protecting data from unauthorized access, malware, and insider threats by inspecting and filtering storage protocol traffic.
Term 261
A stored access policy is a server-side set of access rules (permissions, start time, expiry) defined on a storage resource such as an Azure Storage container, which a shared access signature can reference by identifier instead of embedding those values in the token. Because the service reads the rules from the policy on every request, an administrator can tighten or revoke the access of every signature that references it without regenerating the account key.
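The two mechanisms, a shared access signature (term 251) and a stored access policy it can reference, fit together in one small model. The block below is an added example, not the page's text or Azure's implementation: the account key and the policy table are constructed, and the string-to-sign is a simplified four-field version of the real Azure format (which has more fields and a documented order). What it keeps faithfully is the mechanics: the issuer signs with a key the client never sees, the service re-derives the MAC, an ad-hoc token carries its own limits, and a policy-backed token inherits limits that the server can change or revoke.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode

# Constructed account key for the demo, not a real one. Azure delivers account
# keys base64-encoded; the shape is the same here.
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-azure-key").decode()

# Server-side stored access policies keyed by signed identifier (the "si"
# parameter). A SAS that references one inherits its permissions and expiry,
# so editing or deleting the policy changes every such SAS at once.
STORED_POLICIES = {
    "reports-readonly": {"permissions": "r", "expiry": "2030-01-01T00:00:00Z"},
}

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_utc(s: str) -> datetime:
    return datetime.strptime(s, TIME_FMT).replace(tzinfo=timezone.utc)


def _sign(string_to_sign: str) -> str:
    key = base64.b64decode(ACCOUNT_KEY)
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def _string_to_sign(resource, permissions, expiry, identifier) -> str:
    # Fixed field order; an empty field keeps its slot so values cannot be
    # shifted between fields without invalidating the signature.
    return "\n".join([resource, permissions, expiry, identifier])


def issue_sas(resource: str, permissions: str = "", expiry: str = "", identifier: str = "") -> str:
    """Issuer side: holds the key, hands out only the signed query string."""
    params = {"sr": resource}
    if identifier:
        params["si"] = identifier  # permissions and expiry live in the stored policy
    else:
        params["sp"] = permissions
        params["se"] = expiry
    params["sig"] = _sign(_string_to_sign(resource, permissions, expiry, identifier))
    return urlencode(params)


def revoke_policy(identifier: str) -> None:
    """Server-side revocation: no key rotation and no client round trip."""
    STORED_POLICIES.pop(identifier, None)


def authorize(sas_query: str, requested_resource: str, requested_permission: str, now: datetime) -> str:
    """Storage side: recompute the MAC, resolve the policy, enforce the limits."""
    q = {k: v[0] for k, v in parse_qs(sas_query).items()}
    resource, identifier = q.get("sr", ""), q.get("si", "")
    permissions, expiry = q.get("sp", ""), q.get("se", "")
    expected = _sign(_string_to_sign(resource, permissions, expiry, identifier))
    if not hmac.compare_digest(expected, q.get("sig", "")):
        return "denied: bad signature"
    if identifier:
        policy = STORED_POLICIES.get(identifier)
        if policy is None:
            return "denied: stored access policy revoked"
        permissions, expiry = policy["permissions"], policy["expiry"]
    if resource != requested_resource:
        return "denied: wrong resource"
    if not expiry or parse_utc(expiry) <= now:
        return "denied: expired"
    if requested_permission not in permissions:
        return "denied: permission not granted"
    return "allowed"
```

Two behaviours are worth checking: editing `sp=r` to `sp=rw` in an ad-hoc token changes the string-to-sign and the MAC no longer verifies, and removing the stored policy denies a policy-backed token that was valid a moment earlier. An ad-hoc token, by contrast, cannot be revoked short of rotating the account key, which is the practical argument for issuing long-lived signatures only through a stored access policy.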
Term 262
STRIDE is a threat classification model that helps IT professionals identify and categorize security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
Term 263
Symmetric encryption is a cryptographic method where the same secret key is used to both encrypt and decrypt data, ensuring confidentiality between two parties.
Term 264
System high mode is a security operating mode in which every user with access to the system holds a security clearance for the highest classification level of information processed and formal access approval for all of it, but does not necessarily have a need-to-know for all data on the system.
Term 265
TACACS+ is a Cisco-developed AAA protocol (documented in RFC 8907) that separates authentication, authorization, and accounting into independent exchanges, giving fine-grained control over who can log in to network devices and which commands they may run. It runs over TCP port 49 and, unlike RADIUS, obfuscates the entire packet body rather than only the password; that obfuscation is an MD5-based XOR keyed on a shared secret, not authenticated encryption, so the network path between devices and the TACACS+ server needs its own protection.
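The packet format makes the "obfuscation, not encryption" point concrete. The block below is an added example written for this page, not code from Cisco or from any TACACS+ implementation: it builds the client's authentication START packet for a PAP login, applies the RFC 8907 pseudo-pad (an MD5 chain over session id, shared secret, version byte, and sequence number), and parses it back on the server side. The shared secret, session id, and credentials are constructed; the server's REPLY and the authorization and accounting exchanges are not modelled.

```python
import hashlib
import struct

# Constants from RFC 8907 (the TACACS+ specification).
TAC_PLUS_AUTHEN = 0x01               # header type: authentication packet
TAC_PLUS_UNENCRYPTED_FLAG = 0x01     # body sent in the clear (do not enable)
TAC_PLUS_AUTHEN_LOGIN = 0x01
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
HEADER = struct.Struct("!BBBBII")    # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream for body obfuscation: MD5_1 = MD5(session_id | key | version | seq_no),
    MD5_n = MD5(session_id | key | version | seq_no | MD5_n-1), concatenated.
    Secrecy rests entirely on the shared secret; nothing provides integrity."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key
                           + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR with the pseudo pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(session_id: int, key: bytes, user: str, port: str,
                       rem_addr: str, password: str) -> bytes:
    """Client -> server authentication START for a PAP login at privilege level 1.
    Body layout (RFC 8907 5.1): action, priv_lvl, authen_type, authen_service,
    user_len, port_len, rem_addr_len, data_len, then the four variable fields."""
    version, seq_no = 0xC1, 1        # major 0xC, minor 1 (minor 1 is used for PAP/CHAP)
    fields = [user.encode(), port.encode(), rem_addr.encode(), password.encode()]
    body = struct.pack("!8B", TAC_PLUS_AUTHEN_LOGIN, 1, TAC_PLUS_AUTHEN_TYPE_PAP,
                       TAC_PLUS_AUTHEN_SVC_LOGIN, *[len(f) for f in fields]) + b"".join(fields)
    header = HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, 0x00, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_packet(packet: bytes, key: bytes) -> dict:
    """Server side: read the 12-byte header, then de-obfuscate the body."""
    if len(packet) < HEADER.size:
        raise ValueError("short packet")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = packet[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated body")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    return {"version": version, "type": ptype, "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "body": body}


def parse_authen_start_body(body: bytes) -> dict:
    action, priv_lvl, authen_type, service, ul, pl, rl, dl = struct.unpack("!8B", body[:8])
    if len(body) != 8 + ul + pl + rl + dl:
        raise ValueError("length fields disagree with body size")
    out = {"action": action, "priv_lvl": priv_lvl, "authen_type": authen_type, "service": service}
    off = 8
    for name, n in (("user", ul), ("port", pl), ("rem_addr", rl), ("data", dl)):
        out[name] = body[off:off + n]
        off += n
    return out
```

Parsing the same packet with the wrong secret yields a different body and no error, because nothing in the format authenticates it; the password sits in the `data` field and is recoverable by anyone who holds the shared secret and can capture the TCP stream. That is why the secret must be strong and unique per device, and why the management network carrying port 49 is treated as sensitive.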
Term 266
TCB (Trusted Computing Base) is the collection of all hardware, firmware, and software components in a system that are essential to enforcing its security policy.
Term 267
A Teams policy is a set of rules in Microsoft Teams that controls how users can communicate, collaborate, and access features within the application.
Term 268
A technical control is a security mechanism implemented through hardware, software, or firmware that protects the confidentiality, integrity, and availability of IT systems and data.
Term 269
TEMPEST is the U.S. National Security Agency codename, and the associated set of standards, for limiting compromising emanations: the unintended electromagnetic, acoustic, or electrical signals that electronic equipment gives off and that an attacker could intercept to reconstruct sensitive information. Certified equipment, shielding, and physical separation (zoning) are the usual controls.
Term 270
A threat is any potential danger that could harm a computer system, network, or data, whether from a malicious hacker, a natural disaster, or an accidental mistake.