    priorities, documenting business continuity plan, 111–112
statement of urgency and timing, documenting business continuity plan, 111–112
static electricity, controlling, 401
static NAT, IP addressing and, 528
static packet-filtering firewalls, 466
static passwords, 564
static RAM, 329
static systems. See embedded and static systems
static testing, software, 645, 858
statistical attacks, types of cryptographic attacks, 258
statistical intrusion detection, 717
stealth viruses, 888
steganography
    egress monitoring with, 741
    overview of, 250–252, 251–252
STOP error, in Blue Screen of Death, 843
stopped state, types of operating states, 322
storage
    of disaster recovery plans, 793
    information life cycle management and, 669
    plan for backup media, 787–790
    removable, 355
    sensitive data, 167–168
    of threats, 870
    types of, 869
storage area networks (SANs), 525
storage devices
    security issues, 333
    types of, 331–333
storage segmentation, mobile device security, 354
stored procedures, protecting against SQL injection, 905
storms, disaster recovery planning for, 763–764
STP (shielded twisted-pair) cable, 475–476
strategic planning, aligning security functions to, 15, 15–16
strategy development phase, in continuity planning, 107
stream ciphers, 207
Stream Control Transmission Protocol (SCTP), 581
streaming media (audio/video), copyright protection and, 135
STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), threat modeling and, 30–31
strikes, disaster recovery planning for, 768–769
stripe of mirrors, RAID-10, 771
striping, RAID-0, 771
striping with parity, RAID-5, 771
strong passwords
    creating policy for, 620
    dual administrator account audits for, 745
    preventing password attacks, 611
Structured Query Language (SQL)
    aggregation-related vulnerabilities, 341
    Data Definition Language, 864
    Data Manipulation Language, 864
    database transactions, 864–866
    multilevel security database security with views, 866
    relational databases, 863–864
structured walk-through test, disaster recovery plan, 794
STs (security targets), Common Criteria, 296–297
study tools, for this book
    additional, 968
    customer care, 970
    system requirements, 969
    troubleshooting, 969–970
    using, 969
Stuxnet worm
    advanced persistent threat (APT) using, 609
    overview of, 892–893
subclasses, in object-oriented programming, 840
subjects
    access control between objects and, 271, 557
    in Clark-Wilson triple, 286
    Graham-Denning model, 288
subnet masks, IP addressing, 445
subpoena, compelling surrender of evidence, 822
subscriber identity module (SIM) card
    cell phone security issues, 507
    failure of remote wipe and, 677
substitution ciphers
    in American Civil War, 191
    Caesar cipher, 190–191
    one-time pads, 205–206
    overview of, 203–205
super-increasing sets, Merkle-Hellman Knapsack algorithm based on, 234
supervisory control and data acquisition (SCADA), 348–349
supervisory state, types of operating states, 322
supplies, disaster recovery plan for, 791
support ownership, BYOD devices, 358
support services, analyzing business organization, 96
Supreme Court, in U.S. legal system, 125
surges, power
    offline or standby UPS protecting from, 773
    surge protectors, 400
Sutherland model, 288
SVCs (switched virtual circuits), 532
swIPe (Software IP Encryption), secure communication protocols, 501
Switched Multimegabit Data Service (SMDS), WAN connections, 536
switched virtual circuits (SVCs), 532
switches
    network devices, 471
    preventing rogue sniffers, 720
switching technologies
    circuit switching, 530–531
    overview of, 530
    packet switching, 531–532
    virtual circuits, 532
SW-SCMM or SCMMM (Software Capability Maturity Model), 850–852
Sybex text engine, 968