CA (certificate authority), 356
IPSec protocol and, 455
CAAT (Computer-Assisted Audit Tool), 179
canons, within code of ethics, 3
Carrier Sense Multiple Access/Collision Detect protocol (CSMA/CD protocol), 418
CBC (Cipher Block Chaining), 337, 347
CBK (common body of knowledge), 2
CCBs (Change Control Boards), 137
central logging facility (CLF), 177
centralized access control systems, 60
certificate authority (CA), 356
IPSec protocol and, 455
certificate owners, 358
certificate policies, 361
Certificate Practice Statements (CPSs), 362
certificate revocation lists (CRLs), 363
certification (computer systems), 117
certifications (levels of expertise), 2
Certified Information Systems Auditor (CISA), 182
Certified Information Systems Security Professional (CISSP), 2, 4
CFB (Cipher Feedback), 348
chain of custody, for evidence, 305
chain of trust, 364
Challenge Handshake Authentication Protocol (CHAP), 433
Change Control Boards (CCBs), 137
change control/change management, 135–139
maintaining documentation for, 241
Channel Service Unit (CSU), 424
CHAP protocol, 433
checklist audits, 198–201
checksums, 136
Chernobyl virus, 497
chosen plaintext attacks, 381
CIA triad. See confidentiality, integrity, availability
CIH/Chernobyl virus, 497
Cipher Block Chaining (CBC), 337, 347
Cipher Feedback (CFB), 348
ciphers, 326
ciphertext, 326
ciphertext-only attacks, 380
CISA (Certified Information Systems Auditor), 182
CISSP certification, 2, 4
Clark-Wilson formal access control model, 68
clean desk spot checks, 149
CLF (central logging facility), 177
click kiddies, 480
coaxial (coax) cable, 398
code, 481
poor quality and, 523
slag, 491
code of ethics, 3
Code Red worm, 498
cold sites, 279, 280
collecting data, 192–211
collisions, 328
common body of knowledge (CBK), 2
companion viruses, 485
compartment mode, 133, 134
compartments, 134
computer forensics, 300–313
importance of careful evidence handling and, 311
Computer Security Incident and Response Team (CSIRT), 215
Computer-Assisted Audit Tool (CAAT), 179
concept virus, 505
confidential information, 142
confidentiality, 110
access controls and, 37
data communications and, 394
confidentiality, integrity, availability (CIA), 11, 110–112
auditing and, 180
encryption and, 328
configuration management, 11
confusion operations, 335
connection-oriented vs. connectionless protocols, 427
contact lists, 238–240
container files, 330
containment of incidents, 298
contingency plans, 268
continuous audit, 176, 211
control mechanisms/policies, 123
control types, 13, 178
controlling access. See access controls
copper cable, 398
copy backups, 274
corporate information security policies, 146
corrective access control policies, 57
cost/benefit analyses, 265
covert channels, 132
CPSs (Certificate Practice Statements), 362
crackers, 479
CRC errors, 436
crime scene analysis, 292
crime scene technicians, 305
CRLs (certificate revocation lists), 363
cryptanalysis, 326
crypto, 326
cryptographic attacks, 380–382
cryptography, 20–22, 325–391
specialty areas of (list), 20
standards and protocols for, 366
See also encryption
cryptography domain, 20–22
cryptovariables. See keys
CSIRT (Computer Security Incident and Response Team), 215
CSMA/CD protocol, 418
CSU/DSU (Channel Service Unit/Data Service Unit), 424
cybercriminals, 479
cyclic redundancy check (CRC), 307