C(s) Flashcards
Cable modem
Provide Internet access via broadband cable TV
Cache memory
The fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions
Caesar Cipher
A rot-3 substitution cipher
Callback
Modem-based authentication system
Caller ID
Identifies the calling phone number, sometimes used as a weak authentication method
Candidate keys
Any attribute (column) in the table with unique values
CMM
Capability Maturity Model, a maturity framework for evaluating and improving the software development process
CSMA
Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions
CASE
Computer-aided software engineering, uses programs to assist in the creation and maintenance of other computer programs
CBC
Cipher Block Chaining, a block mode of DES that XORs the previous encrypted block of ciphertext with the next plaintext block to be encrypted
CCD
Charged Couple Discharge, a digital CCTV
CCMP
Counter Mode CBC MAC Protocol, used by WPA2 to create a MIC
CCTV
Closed Circuit Television, a detective device used to aid guards in detecting the presence of intruders in restricted areas
CDN
Content Distribution Networks (also Content Delivery Networks) use a series of distributed caching servers to improve performance and lower the latency of downloaded online content
CPU
Central Processing Unit, the “brains” of the computer, capable of controlling and performing mathematical calculations
Centralized access control
Concentrates access control in one logical point for a system or organization
CER
Crossover error rate, describes the point where the false reject rate (FRR) and false accept rate (FAR) are equal
Certificate Authority
PKI component that authenticates the identity of a person or organization before issuing a certificate to them
CRL
Certificate Revocation Lists, PKI component which lists digital certificates that have been revoked
Certification
A detailed inspection that verifies whether a system meets the documented security requirements
CFB
Cipher Feedback, a stream mode of DES that is similar to block-mode CBC
Chain of custody
Requires that once evidence is acquired, full documentation regarding who, what, when, and where evidence was handled is maintained
Chaining
Block cipher mechanism that seeds the previous encrypted block into the next block to be encrypted
CHAP
Challenge Handshake Authentication Protocol, a more secure network authentication protocol that uses a shared secret
Change management
The process of understanding, communicating, and documenting changes
CSU/DSU
Channel Service Unit/Data Service Unit, DCE device
Checklist testing
Lists all necessary components required for successful recovery, and ensures that they are, or will be, readily available should a disaster occur. Also known as consistency testing
CIA triad
Confidentiality, integrity, and availability
CIDR
Classless Inter-Domain Routing, allows for many network sizes beyond the arbitrary classful network sizes
Cipher
A cryptographic algorithm
Cipher disk
Cryptographic device that uses two concentric disks, each with an alphabet around the periphery
Ciphertext
An encrypted message
Circuit-level proxy
Proxy firewall that operates at Layer 5
Circuit-switched network
Network that provides a dedicated circuit or channel between two nodes
Circumstantial evidence
Evidence that serves to establish the circumstances related to particular points or even other evidence
CIRT
Computer Incident Response Team, a team that performs incident handling
CISC
Complex Instruction Set Computer, CPU instructions that are longer and more powerful
Civil law
Law that resolves disputes between individuals or organizations
Civil law (legal system)
Legal system that leverages codified laws or statutes to determine what is considered within the bounds of law
Clark-Wilson
Real-world integrity model that protects integrity by having subjects access objects via programs
Class I gate
Residential gate designed for home use
Class II gate
Commercial gate, such as a parking garage gate
Class III gate
Industrial/limited access gate, such as a large loading dock
Class IV gate
Restricted access gate, used at an airport or prison
Classful addresses
IPv4 Networks in classes A through E
Clearance
A determination, typically made by a senior security professional, about whether or not a user can be trusted with a specific level of information
Client-side attacks
Attack where a user downloads malicious content
Clipper Chip
(Failed) 1993 Escrowed Encryption Standard (EES), which used the Skipjack algorithm
Clipping level
A minimum reporting threshold level
Closed source
Software released in executable form: the source code is kept confidential
Closed system
System using proprietary hardware or software
CMP
Crisis Management Plan
Coaxial
Network cabling that has an inner copper core separated by an insulator from a metallic braid or shield
COBIT
Control Objectives for Information and related Technology, a control framework for employing information security governance best practices within an organization
COCOM
Committee for Multilateral Export Controls, a munitions law which was in effect from 1947 to 1994. It was designed to control the export of critical technologies (including cryptography) to “Iron Curtain” countries during the Cold War
Code Repositories
Secure service for storing the source code of projects; GitHub is a public example
Codebreakers (The)
David Kahn’s history of cryptography
Cohesion
OOP concept that describes an independent object. Objects with high cohesion have low coupling
Cold site
A backup site with raised floor, power, utilities, and physical security, but no configured systems or data
Collection Limitation Principle
OECD Privacy Guideline Principle which states that personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, be obtained with the individual's knowledge and approval
Collision
Two or more plaintexts that generate the same hash
Collusion
An agreement between two or more individuals to subvert the security of a system
Color of law
Acting on the authority of law enforcement
COM
Component Object Model, locates and connects objects locally
Combinatorial software testing
Black box testing method that seeks to identify and test all unique combinations of software inputs
Commandments of Computer Ethics
The Computer Ethics Institute code of ethics
Commit
Makes changes to a database permanent
Common criteria
An internationally agreed upon standard for describing and testing the security of IT products
CORBA
Common Object Request Broker Architecture, an open vendor-neutral networked object broker framework
Compartmentalization
Technical enforcement of need to know
Compensating Controls
Additional security controls put in place to compensate for weaknesses in other controls
Compensatory damages
Damages provided as compensation
Compiler
Converts source code, such as C or BASIC, into machine code
Computer bus
The primary communication channel on a computer system
Computer crimes
Crimes using computers
Computer Fraud and Abuse Act
Title 18 United States Code Section 1030
CSIRT
Computer Security Incident Response Team, the group that is tasked with monitoring, identifying, and responding to security incidents
COTS
Commercial Off-the-Shelf Software, third-party developed commercial software available to the general public
BIA
Conduct the business impact analysis (BIA), the second step of the NIST SP 800-34 contingency planning process
Confidentiality
Seeks to prevent the unauthorized disclosure of information
Configuration management
The process of developing a consistent system security configuration that can be leveraged throughout an organization
Confusion
The relationship between the plaintext and ciphertext should be as confused (or as random) as possible
Containment phase
Incident response phase that attempts to keep further damage from occurring as a result of the incident
Content-dependent Access control
Adds additional criteria beyond identification and authentication: the actual content the subject is attempting to access
Context-dependent Access control
Adds additional criteria beyond identification and authentication: the context of the access, such as time
COOP
Continuity of Operations Plan, a plan to maintain operations during a disaster
Continuity of Support Plan
Focuses narrowly on support of specific IT systems and applications
CPPT
Continuity planning project team, a team comprised of stakeholders within an organization that focuses on identifying who would need to play a role if a specific emergency event were to occur
Contraband check
Seeks to identify objects that are prohibited from entering a secure perimeter (such as an airplane)
Control Unit
CPU component that acts as a traffic cop, sending instructions to the ALU
Convergence
All routers on a network agree on the state of routing
Corrective Controls
Controls that correct a damaged system or process
Corroborative evidence
Evidence that provides additional support for a fact that might have been called into question
CTR
Counter, a stream mode of DES that uses a counter for feedback
Coupling
OOP concept that connects objects to others. Highly coupled objects have low cohesion
Covert channel
Any communication that violates security policy
Cracker
A black hat hacker
Criminal law
Law where the victim can be seen as society itself
Crippleware
Partially functioning proprietary software, often with key features disabled. The user is typically required to make a payment to unlock the full functionality
Crossover
Genetic algorithm concept that combines two algorithms
Cross-site scripting
Or XSS, third-party execution of web scripting languages such as JavaScript within the security context of a trusted site
Cryptanalysis
The science of breaking encrypted messages (recovering their meaning)
Cryptographic Protocol governance
Describes the process of selecting the right cipher and implementation for the right job
Cryptography
Science of creating messages whose meaning is hidden
Cryptology
The science of secure communication
CSRF
Cross-site request forgery, third-party redirect of static content within the security context of a trusted site
Custodian
Provides hands-on protection of assets
Customary law
Customs or practices that are so commonly accepted by a group that the custom is treated as a law
CWR
New TCP flag, congestion window reduced
Cyber Incident response plan
Plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, and Trojan horses
Cybersquatting
Registering internet domain names associated with another organization’s intellectual property