Caller ID: The protocol used to transmit the calling the calling party’s telephone number to the called party’s telephone equipment during the establishment of a telephone call.
CAN: Campus Area Network.
Central Processing Unit (CPU): The electronic circuitry that performs a computer’s arithmetic, logic, and computing functions.
Certification: A formal methodology that uses established evaluation criteria to conduct comprehensive testing and documentation of information system security safeguards, both technical and nontechnical, in a given environment.
Certification Authority (CA): In a PKI, the CA issues certificates, maintains and publishes status information and certification revocation lists (CRL’s) and maintains archives.
Chain of Custody (or chain of evidence): Provide accountability and protection for evidence throughout that evidence’s entire life cycle.
Challenge Handshake Authentication Protocol (CHAP): A remote access control protocol that uses a three-way handshake to authenticate both a peer an a server.
Change management: The formal business process that ensures all change made to a system are properly requested, reviewed, approved and implemented.
Chosen plaintext attack: An attack technique in which the cryptanalyst selects the plaintext to be encrypted and then analyzed the resulting cipher-text.
C-I-A : Confidentiality, Integrity, and Availability
Cipher: A cryptographic transformation.
Cipher Block Chaining (CBC): One of four operating modes for DES operate on 64-Bits blocks of plaintext to produce 64-bits blocks of cipher-text. Each block is XORed with the cipher-text of the proceeding block, creating a dependency (or chain), thereby producing a more random cipher-text result.CBC is the most common mode of DES operation.
Cipher FeedBack (CFB): One of four operating modes for DES. CFB is a stream cipher most often used to encrypt individual characters. In this mode, previously generated cipher-text is used as feedback for key generation in the next keystream, and the resulting cipher-text is chained together. See also Cipher Block Chaining (CBC), Electronic Code Book(ECB) and Output FeedBack (OFB)
Ciphertext: A plaintext message that has been transformed (encrypted) into a scrambled message that’s unintelligible.
Circumstantial evidence: Relevant fact that can’t be directly or conclusively connected to over events, but about which a reasonable inference can be made.
Civil (or tort) law: Legal codes that address wrongful acts committed against an individual or business, either willfully or negligently, resulting in damage, loss, injury, or death. Unlike criminal law U.S civil law cases are determined based on a preponderance of evidence, and punishment are limited to fines.
Clark-Wilson Model: A formal integrity model that addresses all three goals of integrity (Preventing unauthorized users from making ay changes, preventing authorized user from making incorrect changes, and maintaining Internal and external consistency) and identifies special requirements for inputting data.
Classification: The process of assigning to a document a security label that defines how the document should be handled.
Closed system: A system that uses proprietary hardware and/or software that may not be compatible with other systems or components.
Cluster: A system or network configuration containing multiple redundant nodes for resiliency.
Clustering (or key clustering): When identical cipher-text messages are generated from a plaintext message by using the same encryption algorithm but different encryption keys.
Code of ethics: A formal statement that defines ethical behavior in a given organization or profession.
Cold site: An alternative computer facility that has electricity and HVAC, but not computer equipment located onsite.
Common Criteria: An international effort to standardize and improve existing European and North American information systems security evaluation criteria.
Compensating Controls: Control that are implemented as an alternative to other preventive, detective, corrective, deterrent, or recovery controls.
Compensatory damages: Actual damages to the victim including attorney/legal fees, lost profits, investigative costs.
Complex-Instruction-Set-Computing (CISC): A microprocessor instruction set architecture in which each instruction can execute several lo-level operation. See Also Reduced-Instruction-Set-Computing (RISC).
Computer Emergency Response Team (CERT): A team that comprises individuals who are properly trained in incident response and investigation.
Computer Incidence Response Team (CIRT): Same CERT but not certified by Carnegie Mellon University
Concealment cipher: A technique of hiding a message in plain sight. The key is knowing where the message lies.
Concentrator: A network device used to connect several LAN devices together. Also know as a HUB.
Conclusive evidence: Incontrovertible and irrefutable
Confidentiality: Prevent the unauthorized use or disclosure of information, ensuring that information is accessible only to those authorized to have access to the information.
Confidentiality Agreement: See Non disclosure Agreement (NDA)
Configuration Management: The process of recording all changes to information systems.
Continuity of Operation Planning (COOP): A blending of disaster recovery planning (DRP) and Business Continuity Planning (BCP) into a single coordinated activity.
Copyright: A form of legal protection granted to the author(s) of “original works of authorship,”both published and and unpublished.
Corrective Controls: Controls that remedy violation and incidents or improve existing preventing and detective controls.
Corroborative evidence: Evidence that support or substantiates other evidence presented in a legal case.
Countermeasure: A device, control, or action required to reduce the impact or probability of a security incident.
Covert channel: A unintended communication path; it may be a covert storage, channel or a covert timing channel.
Criminal law: Defines those crimes committed against society, even when the actual victim is a business or individual(s). Criminal laws are enacted to protect the general public. Unlike civil law, U.S. criminal cases are decided when a party is guilty beyond a reasonable doubt and punishment may include fines, incarceration, and even execution.
Criticality Assessment: The part of BIA that ranks the criticality of business processes and IT Systems.
Cross-Frame-Scripting (XFS): See Frame injection.
Crossover Error rate (CER): In biometric access control systems, the point of which the FRR equals the FAR, stated as a percentage.
Cross-site request forgery (CSRF): An attack where an attacker is attempting to trick a victim into clicking a link that will perform an action the victim would not otherwise approve.
Cross-Site Scripting (XSS): An attack where an attacker is attempting to inject client-side script into web pages viewed by other intended victims.
Cryptanalysis: The science of deciphering cipher-text without using the cryptographic key.
Cryptography: The science of encrypting and decrypting information, such as a private message, to protect its confidentiality, and/or authenticity
Cryptology: The science that encompasses both cryptography and cryptanalysis.
Cryptosystem: The hardware or software implementation that transforms plaintexts into ciphertext (Encrypts) and back into plaintext (decrypts).
Culpable negligence: A legal term that may describe an organization’s failure to follow a standard of due care in the protection of its assets and thereby expose the organization to a legal claim.
Custodian: An individual who has day-to-day responsibility for protecting information assets.