Index_C

C

CA (certificate authority), 356

IPSec protocol and, 455

CAAT (Computer-Assisted Audit Tool), 179

canons, within code of ethics, 3

Carrier Sense Multiple Access/Collision Detect protocol (CSMA/CD protocol), 418

CBC (Cipher Block Chaining), 337, 347

CBK (common body of knowledge), 2

CCBs (Change Control Boards), 137

central logging facility (CLF), 177

centralized access control systems, 60

certificate authority (CA), 356

IPSec protocol and, 455

certificate owners, 358

certificate policies, 361

Certificate Practice Statements (CPSs), 362

certificate revocation lists (CRLs), 363

certification (computer systems), 117

certifications (levels of expertise), 2

Certified Information Systems Auditor (CISA), 182

Certified Information Systems Security Professional (CISSP), 2, 4

CFB (Cipher Feedback), 348

chain of custody, for evidence, 305

chain of trust, 364

Challenge Handshake Authentication Protocol (CHAP), 433

Change Control Boards (CCBs), 137

change control/change management, 135–139

maintaining documentation for, 241

Channel Service Unit (CSU), 424

CHAP protocol, 433

checklist audits, 198–201

checksums, 136

Chernobyl virus, 497

chosen plaintext attacks, 381

CIA triad. See confidentiality, integrity, availability

CIH/Chernobyl virus, 497

Cipher Block Chaining (CBC), 337, 347

Cipher Feedback (CFB), 348

ciphers, 326

ciphertext, 326

ciphertext-only attacks, 380

CISA (Certified Information Systems Auditor), 182

CISSP certification, 2, 4

Clark-Wilson formal access control model, 68

clean desk spot checks, 149

CLF (central logging facility), 177

click kiddies, 480

coaxial (coax) cable, 398

code, 481

poor quality and, 523

slag, 491

code of ethics, 3

Code Red worm, 498

cold sites, 279, 280

collecting data, 192–211

collisions, 328

common body of knowledge (CBK), 2

companion viruses, 485

compartment mode, 133, 134

compartments, 134

computer forensics, 300–313

importance of careful evidence handling and, 311

Computer Security Incident and Response Team (CSIRT), 215

Computer-Assisted Audit Tool (CAAT), 179

concept virus, 505

confidential information, 142

confidentiality, 110

access controls and, 37

data communications and, 394

confidentiality, integrity, availability (CIA), 11, 110–112

auditing and, 180

encryption and, 328

configuration management, 11

confusion operations, 335

connection-oriented vs. connectionless protocols, 427

contact lists, 238–240

container files, 330

containment of incidents, 298

contingency plans, 268

continuous audit, 176, 211

control mechanisms/policies, 123

control types, 13, 178

controlling access. See access controls

copper cable, 398

copy backups, 274

corporate information security policies, 146

corrective access control policies, 57

cost/benefit analyses, 265

covert channels, 132

CPSs (Certificate Practice Statements), 362

crackers, 479

CRC errors, 436

crime scene analysis, 292

crime scene technicians, 305

CRLs (certificate revocation lists), 363

cryptanalysis, 326

crypto, 326

cryptographic attacks, 380–382

cryptography, 20–22, 325–391

specialty areas of (list), 20

standards and protocols for, 366

See also encryption

cryptography domain, 20–22

cryptovariables. See keys

CSIRT (Computer Security Incident and Response Team), 215

CSMA/CD protocol, 418

CSU/DSU (Channel Service Unit/Data Service Unit), 424

cybercriminals, 479

cyclic redundancy check (CRC), 307



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
