CA (Certification Authority), BC5
cable types, for network, 78–80
callback method, for remote access, 110
caller ID, BC5
caller ID fraud and abuse, 116–117
caller ID method, for remote access, 110
campus area network (CAN), 74
CAN-SPAM Act, 322
Carnegie Mellon SEI CERT Coordination Center, BC32
CAT-n cables, 79
CBC (Cipher Block Chaining), 200, BC5
CBK (Common Body of Knowledge), 10, 19–24. See also specific domains
CBK Review Seminar, 14
CCIE (Cisco Certified Internetworking Expert), 147, 377
CCSP (Cisco Certified Security Professional), 376
CDI (constrained data item), 66, 235
CD-ROM, practice exam on, 13, 15, 367
Central Processing Unit (CPU), 224–226, BC7
centralized access controls, 59–61
CER (Crossover Error Rate), 49–50, 349, BC5
CERT (Computer Emergency Response Team), BC6
certainty factors, 162
certification
  alternatives to CISSP, 32, 33–36, 375–381
  definition, 36, 133, BC5
  for networking, 73, 365
Certification Authority (CA), BC5
certification of system, 167, 241–242
Certified Information Systems Security Professional certificate. See CISSP certificate
Certified Protection Professional (CPP) certification, 375
CEU (Continuing Education Unit), 147
CFB (Cipher Feedback), 201, BC5–BC6
Chain of Custody (Chain of Evidence), BC6
Challenge Handshake Authentication Protocol (CHAP), 111, BC6
challenge-response dynamic password tokens, 54
change controls, 260–261
change management, 168, BC6
character conversion, 98
Check Point Certified Professional Program, 376
Child Pornography Prevention Act, 320
Chosen Text Attacks (CTA), 200, 218
C-I-A (confidentiality, integrity, availability), 124–125
CIB (CISSP Candidate Information Bulletin), 13
cipher, 191–193, BC6
Cipher Block Chaining (CBC), 200, BC5
Cipher Feedback (CFB), 201, BC5–BC6
ciphertext, 197, BC6
Ciphertext Only Attack (COA), 218
circuit-level gateway firewall, 102
circuit-switched networks, 88
circumstantial evidence, 325, BC6
CIRT (Computer Incident Response Team), BC6
CISC (Complex-Instruction-Set-Computing), 225, BC7
Cisco Certified Internetworking Expert (CCIE), 147, 377
Cisco Certified Security Professional (CCSP), 376
CISSP (Certified Information Systems Security Professional) certificate. See also exam
  alternatives to, 32, 33–36
  definition, 9–10, 31–32
  fees for, 11, 12, 27
  informing others about, 31–32
  ISO/IEC 17024:2003 compliance with, 32
  level of knowledge required for, 9
  maintaining, 11, 25–26
  minimum requirements for, 10–11
  principles for agents of change with, 33
  renewing, 11, 27
CISSP Candidate Information Bulletin (CIB), 13
CISSP CBK Review Seminar, 14
CISSP Open Study Guide, 14, 367, BC31
The CISSP Prep Guide: Gold Edition (Krutz, Vines), 13
CISSP Review Seminar, 368
civil law (tort law), 304–306, BC6
cladding, 79
Clark-Wilson model, 66, 234–235, BC6
class, 157
class hierarchy, 157
classification, 127–129, BC6
Clipper Chip, 212
closed system, 230, BC6
clustering, 193, BC6
COA (Ciphertext Only Attack), 218
coaxial cable, 78, 80
Code of Ethics, (ISC)², 11, 26, 333
code review of system, 166
codes, 193
coding of system, 165–166
coercion, 327
cold site, 290, BC7
collision, 209
collusion, 255
commercial data classification, 127
Common Body of Knowledge (CBK), 10, 19–24. See also specific domains
Common Criteria, 240–241
common criteria, BC7
Common Vulnerabilities and Exposures (CVE), BC32
communications, loss of, 343
compensating controls, BC7
compensatory damages, 305, BC7
Complex-Instruction-Set-Computing (CISC), 225, BC7
CompTIA certifications, 377
computer architecture, 223–229
computer crime, 307–309
computer crime laws, 316–323
Computer Emergency Response Team (CERT), BC6
computer forensics, 323, BC12
Computer Fraud and Abuse Act, 317–318
Computer Incident Response Team (CIRT), BC6
The Computer Misuse Act, 322–323
Computer Security Act, 319
Computer Viruses For Dummies (Wiley Publishing), 174
concealment cipher, 193, BC7
concentrator, 81, BC13
conceptual definition of system, 164
conclusive evidence, 325, BC7
Confidential information, 128
confidentiality, 124, 190, BC7
confidentiality, integrity, availability (C-I-A), 124–125
configuration management, 169, 257–258, BC7
connectionless protocols, 96
connection-oriented protocols, 96
connector types, for network, 78–80
constrained data item (CDI), 66, 235
contention-based networks, 83
Continuing Education Unit (CEU), 147
Continuing Professional Education (CPE) credits, 11, 27
control bus, 226
Control Unit, 224
controls. See specific types of controls
copyright, 313–314, BC7
corporate information security policy, 136
corrective controls, 259, BC7
corroborative evidence, 325, BC7
cost-benefit analysis, 144–145
cost-effectiveness of safeguard, 144
The Council of Europe’s Convention on Cybercrime, 322
covert channel, 231, BC7
CPE (Continuing Professional Education) credits, 11, 27
CPP (Certified Protection Professional) certification, 375
CPU (Central Processing Unit), 224–226, BC7
crackers, 45, 255
CRC (cyclic redundancy check), 83
criminal law, 304, BC8
criticality assessment, 283, BC8
Crossover Error Rate (CER), 49–50, 349, BC5
cryptanalysis, 194, BC8
cryptographic algorithm, 194
cryptography, 194, BC8
Cryptography domain
  asymmetric key cryptography, 203–207, BC3
  attack methods used on, 217–219
  ciphers, 191–193
  ciphertext, 197
  cryptosystem, 194–195
  definition, 22, 189–190
  digital watermarking, 198
  e-mail security, 212–213
  encryption and decryption, 195–196
  history of, 190
  Internet security, 213–217
  key clustering, 193, BC6
  key escrow, 212
  key management functions, 210–212
  key recovery, 212
  message authentication, 207–210
  non-repudiation, 196
  One-time Pad, 196
  PKI (Public Key Infrastructure), 210
  plaintext, 196
  prep test questions about, 220–222
  resources for, 219
  steganography, 197–198
  symmetric key cryptography, 198–203, BC27
  work factor, 197
cryptology, 194, BC8
cryptosystem, 194–195, BC8
cryptovariable (key), 194, BC8
CTA (Chosen Text Attacks), 200, 218
culpable negligence, 306, BC8
custodian, 137, BC8, BC14
CVE (Common Vulnerabilities and Exposures), BC32
Cybercrime Act 2001, 323
cyclic redundancy check (CRC), 83