C Flashcards

1
Q

Callback

A

A procedure for identifying a system that accessed an environment remotely. In a callback, the host system disconnects the caller and then dials… TBD

2
Q

Capability

A

A capability outlines the objects a subject can access and the operations
the subject can carry out on the different objects. It indicates the access rights for a specific
subject; many times, the capability is in the form of a ticket.

3
Q

Capability maturity model integration (CMMI)

A

A process model that captures the organization’s maturity and fosters continuous improvement.

4
Q

Certification

A

The technical evaluation of the security components and their compliance
for the purpose of accreditation. A certification process can use safeguard evaluation,
risk analysis, verification, testing, and auditing techniques to assess the appropriateness
of a specific system processing a certain level of information within a particular environment.
The certification is the testing of the security component or system, and the accreditation
is the approval from management of the security component or system.

5
Q

Challenge/response method

A

A method used to verify the identity of a subject
by sending the subject an unpredictable or random value. If the subject responds with
the expected value in return, the subject is authenticated.

6
Q

Ciphertext

A

Data that has been encrypted and is unreadable until it has been converted
into plaintext.

7
Q

Clark-Wilson model

A

An integrity model that addresses all three integrity goals:
prevent unauthorized users from making modifications, prevent authorized users from
making improper modifications, and maintain internal and external consistency
through auditing.

8
Q

Classification

A

A systematic arrangement of objects into groups or categories according
to a set of established criteria. Data and resources can be assigned a level of
sensitivity as they are being created, amended, enhanced, stored, or transmitted. The
classification level then determines the extent to which the resource needs to be controlled
and secured, and is indicative of its value in terms of information assets.

9
Q

Cleartext

A

In data communications, cleartext is the form of a message or data which
is transferred or stored without cryptographic protection.

10
Q

Cloud computing

A

The use of shared remote computing devices for the purpose of providing improved efficiencies, performance, reliability, stability, and security.

11
Q

Collusion

A

Two or more people working together to carry out a fraudulent activity.
More than one person would need to work together to cause some type of destruction
or fraud; this drastically reduces its probability.

12
Q

Communication security

A

Controls in place to protect information as it is being transmitted, especially by telecommunications mechanisms.

13
Q

Compartment

A

A class of information that has need-to-know access controls beyond
those normally provided for access to confidential, secret, or top-secret information.
A compartment is the same thing as a category within a security label. Just because
a subject has the proper classification, that does not mean it has a need to know. The
category, or compartment, of the security label enforces the subject’s need to know.

14
Q

Compensating controls

A

Controls that are alternative procedures designed to reduce the risk. They are used to “counterbalance” the effects of an internal control weakness.

15
Q

Compromise

A

A violation of the security policy of a system or an organization such
that unauthorized disclosure or modification of sensitive information occurs.

16
Q

Computer fraud

A

Computer-related crimes involving deliberate misrepresentation,
modification, or disclosure of data in order to compromise a system or obtain
something of value.

17
Q

Confidentiality

A

A security principle that works to ensure that information is not
disclosed to unauthorized subjects.

18
Q

Configuration management

A

The identification, control, accounting, and documentation
of all changes that take place to system hardware, software, firmware, supporting
documentation, and test results throughout the lifespan of the system.

19
Q

Confinement

A

Controlling information in a manner that prevents sensitive data
from being leaked from a program to another program, subject, or object in an unauthorized
manner.

20
Q

Contingency plan

A

A plan put in place before any potential emergencies, with the
mission of dealing with possible future emergencies. It pertains to training personnel,
performing backups, preparing critical facilities, and recovering from an emergency or
disaster so that business operations can continue.

21
Q

Control zone

A

The space within a facility that is used to protect sensitive processing
equipment. Controls are in place to protect equipment from physical or technical unauthorized
entry or compromise. The zone can also be used to prevent electrical waves
carrying sensitive data from leaving the area.

22
Q

Copyright

A

A legal right that protects the expression of ideas.

23
Q

Cost/benefit analysis

A

An assessment that is performed to ensure that the cost of a
safeguard does not outweigh the benefit of the safeguard. Spending more to protect an asset
than the asset is actually worth does not make good business sense. All possible safeguards must be evaluated to ensure that the most security-effective and cost-effective
choice is made.

24
Q

Countermeasure

A

A control, method, technique, or procedure that is put into place
to prevent a threat agent from exploiting a vulnerability. A countermeasure is put into
place to mitigate risk. Also called a safeguard or control.

25
Q

Covert channel

A

A communications path that enables a process to transmit information
in a way that violates the system’s security policy.

26
Q

Covert storage channel

A

A covert channel that involves writing to a storage location
by one process and the direct or indirect reading of the storage location by another
process. Covert storage channels typically involve a resource (for example, sectors
on a disk) that is shared by two subjects at different security levels.

27
Q

Covert timing channel

A

A covert channel in which one process modulates its system
resource (for example, CPU cycles), which is interpreted by a second process as
some type of communication.

28
Q

Cryptanalysis

A

The practice of breaking cryptosystems and algorithms used in encryption
and decryption processes.

29
Q

Cryptography

A

The science of secret writing that enables storage and transmission
of data in a form that is available only to the intended individuals.

30
Q

Cryptology

A

The study of cryptography and cryptanalysis.

31
Q

Cryptosystem

A

The hardware or software implementation of cryptography.