C Flashcards
Capability Maturity Model Integration (CMMI)
An integrated model of best practices that enable businesses to improve performance by improving their processes. Product teams developed the model with global members from across industry. The CMMI provides a best-practice framework for building, improving, and sustaining process capability.
Certificate (Certification) authority (CA)
A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates
Certificate revocation list (CRL)
An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility
Certification practice statement (CPS)
A detailed set of rules governing the certificate authority’s operations. It provides an understanding of the value and trustworthiness of certificates issued by a given certificate authority (CA).
Chain of custody
The process of evidence handling from collection to presentation that is necessary to maintain the validity and integrity of evidence
Challenge/response token
A method of user authentication that is carried out through the use of the Challenge Handshake Authentication Protocol (CHAP).
Change management
A methodical approach for controlling and implementing changes in a planned and structured manner (CMMI)
Change management
A holistic and proactive approach to managing the transition from a current to a desired organizational state, focusing specifically on the critical human or “soft” elements of change (ISACA)
Checksum
A checksum value is generated by an algorithm and associated with an input value and/or whole input file. The checksum value can be used to assess its corresponding input data or file later and verify that the input has not been maliciously altered. If a subsequent checksum value no longer matches the initial value, the input may have been altered or corrupted.
Chief information officer (CIO)
The most senior official of the enterprise who is accountable for IT advocacy, aligning IT and business strategies, and planning, resourcing and managing the delivery of IT services, information and the deployment of associated human resources
Chief information security officer (CISO)
The person in charge of information security within the enterprise
Chief security officer (CSO)
The person usually responsible for all physical and digital security matters in an enterprise
Chief technology officer (CTO)
The individual who focuses on technical issues in an enterprise.
COBIT
A broad and comprehensive I&T governance and management framework that continues to establish itself as a generally accepted framework for I&T governance. Formerly known as Control Objectives for Information and related Technology.
Compensating control
An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions.
Computer forensics
The application of the scientific method to digital media to establish factual information for judicial review
Confidentiality
Preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information
Content filtering
Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules.
Contingency plan
A plan used by an enterprise or business unit to respond to a specific systems failure or disruption.
Contingency planning
Process of developing advance arrangements and procedures that enable an enterprise to respond to an event that could occur by chance or unforeseen circumstances.
Continuous monitoring
The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends.
Control center
Hosts the recovery meetings where disaster recovery operations are managed
Control
The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management or legal nature
Corporate governance
The system by which enterprises are directed and controlled. The board of directors is responsible for the governance of their enterprise. It consists of the leadership and organizational structures and processes that ensure the enterprise sustains and extends strategies and objectives.
COSO
Committee of Sponsoring Organizations of the Treadway Commission
Cost-benefit analysis
An analysis that relies on the addition of positive factors and the subtraction of negative factors to determine a net result, and is a method used to build a business case to support a risk response.
Countermeasure
Any process that directly reduces a threat or vulnerability
Criticality analysis
An analysis to evaluate resources or business functions to identify their importance to the enterprise, and the impact if a function cannot be completed or a resource is not available.
Criticality
The importance of a particular asset or function to the enterprise, and the impact if that asset or function is not available
Cryptography
The study of mathematical techniques related to aspects of information security, such as confidentiality, data integrity, entity authentication and data origin authentication
Cyclical redundancy check (CRC)
A method to ensure that data have not been altered after being sent through a communication channel