C


CA (Certification Authority)

In a PKI infrastructure, the CA issues certificates, maintains and publishes status information and Certificate Revocation Lists (CRLs), and maintains archives. See also PKI.

Caller ID

The protocol used to transmit the calling party’s telephone number to the called party’s telephone equipment during the establishment of a telephone call.

CAN

Campus area network.

CBC (Cipher Block Chaining)

One of four operating modes for DES. (See also CFB, ECB, DES, and OFB). Operates on 64-bit blocks of plaintext to produce 64-bit blocks of ciphertext. Each block is XORed (see also XOR) with the ciphertext of the preceding block creating a dependency or chain, thereby producing a more random ciphertext result. This is the most common mode of DES operation.

CER (Crossover Error Rate)

In biometric access control systems, the point at which the FRR equals the FAR, stated as a percentage. See also FAR, FRR.

CERT. See CIRT.

Certification

A formal methodology for comprehensive testing and documentation of information system security safeguards, both technical and nontechnical, in a given environment using established evaluation criteria.

CFB (Cipher Feedback)

One of four operating modes for DES. (See also CBC, DES, ECB, and OFB.) CFB is a stream cipher most often used to encrypt individual characters. In this mode, previously generated ciphertext is used as feedback for key generation in the next key stream and the resulting ciphertext is chained together.

Chain of Custody (or Chain of Evidence)

Provides accountability and protection for evidence throughout its entire life cycle.

Change management

The formal business process that ensures that all changes made to a system are properly requested, reviewed, approved, and implemented.

CHAP (Challenge Handshake Authentication Protocol)

A remote access control protocol that uses a three-way handshake to authenticate both a peer and a server.

C-I-A

Confidentiality, integrity, and availability.

Cipher

A cryptographic transformation.

Ciphertext

A plaintext message that has been transformed (encrypted) into a scrambled message that is unintelligible.

Circumstantial evidence

Relevant facts that can’t be directly or conclusively connected to other events but about which a reasonable inference can be made.

CIRT (Computer Incident Response Team) or CERT (Computer Emergency Response Team)

A team comprising individuals properly trained in incident response and investigation.

Civil (or Tort) law

Addresses wrongful acts committed against an individual or business, either willfully or negligently, resulting in damage, loss, injury, or death.

Clark-Wilson model

A formal integrity model that addresses all three goals of integrity and identifies special requirements for inputting data.

Classification

The process of assigning a document with a security label that defines how the document should be handled.

Closed system

A system that uses proprietary hardware and/or software that may not be compatible with other systems or components. See also Open system.

Clustering (or Key Clustering)

Occurs when identical ciphertext messages are generated from a plaintext message by using the same encryption algorithm but different encryption keys.

Cold site

An alternate computer facility with electricity and HVAC but no computer equipment located on site. See also HVAC.

Common criteria

An international effort to standardize and improve existing European and North American information systems security evaluation criteria.

Compensating controls

Controls that are implemented as an alternative to other preventive, detective, corrective, deterrent, or recovery controls.

Compensatory damages

Actual damages to the victim including attorney/legal fees, lost profits, investigative costs, and so on.

Complex Instruction Set Computing (CISC)

A microprocessor instruction set architecture in which each instruction can execute several low-level operations. See also RISC.

Concealment cipher

A technique of hiding a message in plain sight. The key is knowing where the message lies.

Concentrator

See Hub.

Conclusive evidence

Incontrovertible and irrefutable . . . you know, the smoking gun.

Confidentiality

Prevents the unauthorized use or disclosure of information, ensuring that information is accessible only to those authorized to have access to the information.

Configuration management

The process of recording all changes to information systems.

Copyright

A form of protection granted to the author(s) of “original works of authorship,” both published and unpublished.

Corrective controls

Controls that remedy violations and incidents or improve existing preventive and detective controls.

Corroborative evidence

Supports or substantiates other evidence presented in a case.

Covert channel

An unintended communications path. May be a covert storage channel or covert timing channel.

CPU (Central Processing Unit)

The electronic circuitry that performs a computer’s arithmetic, logic, and computing functions.

Criminal law

Defines those crimes committed against society, even when the actual victim is a business or individual(s). Criminal laws are enacted to protect the general public.

Criticality assessment

The part of a Business Impact Assessment that ranks the criticality of business processes and IT systems. See also Business Impact Assessment.

Cryptanalysis

The science of deciphering ciphertext without the cryptographic key.

Cryptography

The science of encrypting and decrypting information, such as a private message, to protect its confidentiality, integrity, and/or authenticity.

Cryptology

The science that encompasses both cryptography and cryptanalysis.

Cryptosystem

The hardware or software implementation that transforms plaintext into ciphertext (encrypts) and back into plaintext (decrypts).

Cryptovariable (or key)

A secret value applied to the algorithm. The strength and effectiveness of the cryptosystem is largely dependent upon the secrecy and strength of the cryptovariable.

Culpable negligence

An organization that fails to follow a standard of due care in the protection of its assets may be held culpably negligent. See also Due care.

Custodian

An individual with day-to-day responsibility for protecting information assets.

CISSP For Dummies
ISBN: 0470537914
Year: 2004
Pages: 242