C
CA

See certificate authority (CA).

Carlisle Adams Stafford Tavares (CAST)

A type of symmetric block cipher defined by RFC 2144.

CAST

See Carlisle Adams Stafford Tavares (CAST).

CC

See Common Criteria (CC).

CCRA

See Common Criteria Recognition Agreement (CCRA).

central office

The primary office from which most resources extend.

certificate

A digital entity that establishes who you are and is often used with e-commerce. It contains your name and other identifying data.

certificate authority (CA)

An issuer of digital certificates (which are then used for digital signatures or key pairs).

certificate policies

Policies governing the use of certificates.

Certificate Practice Statement (CPS)

The principles and procedures employed in the issuing and managing of certificates.

certificate revocation

The act of making a certificate invalid.

Certificate Revocation List (CRL)

A list of digital certificate revocations that must be regularly downloaded to stay current.

chain of custody

The log of the history of evidence that has been collected.

Challenge Handshake Authentication Protocol (CHAP)

A protocol that challenges a system to verify identity. CHAP is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake. RFC 1334 applies to both PAP and CHAP.

change documentation

Documentation required to make a change in the scope of any particular item. In the realm of project management, a change document is a formal document requiring many signatures before key elements of the project can be modified.

CHAP

See Challenge Handshake Authentication Protocol (CHAP).

checkpoint

A certain action or moment in time that is used to perform a check. It allows a restart to begin at the last point the data was saved as opposed to from the beginning.

checksum

A hexadecimal value computed from transmitted data that is used in error-checking routines.

cipher

See cryptographic algorithm.

circuit switching

A switching method where a dedicated connection between the sender and receiver is maintained throughout the conversation.

Clark-Wilson model

An integrity model for creating a secure architecture.

clear text

Unencrypted text that can be read with any editor.

client

The part of a client/server network where the computing is usually done. In a typical setting, a client uses the server for remote storage, backups, or security (such as a firewall).

client/server network

A server-centric network in which all resources are stored on a file server and processing power is distributed among workstations and the file server.

clipper chip

An early encryption system from the NSA for civilian use; it was a hardware implementation of the Skipjack encryption algorithm.

clustering

A method of balancing loads and providing fault tolerance.

coax

A type of cabling used in computer networks.

code escrow

The storage and conditions for release of source code provided by a vendor, partner, or other party.

cold site

A physical site that has all the resources necessary to enable an organization to use it if the main site is inaccessible (destroyed). Commonly, plans call for turning to a cold site within a certain number of hours after the loss of the main site.

collection of evidence

The means and orderly fashion by which evidence is collected, identified, and marked.

collusion

An agreement between individuals to commit fraud or deceit.

Common Criteria (CC)

A document of specifications detailing security evaluation methods for IT products and systems.

Common Criteria Recognition Agreement (CCRA)

A set of standards, formerly known as the Mutual Recognition Agreement (MRA), that defines Evaluation Assurance Levels (EALs).

Common Gateway Interface (CGI)

An older form of scripting that was used extensively in early web systems.

companion virus

A virus that creates a new program that runs in place of an expected program of the same name.

compartmentalization

Standards that support a nonhierarchical security classification.

confidentiality

Assurance that data remains private and no one sees it except for those expected to see it.

configuration management

The administration of setup and changes to configurations.

connectionless

Type of communications between two hosts that have no previous session established for synchronizing sent data. The data isn't acknowledged at the receiving end. This method can allow data loss. Within the TCP/IP suite, User Datagram Protocol (UDP) is used for connectionless communication.

connection-oriented

Type of communications between two hosts that have a previous session established for synchronizing sent data. The receiving PC acknowledges the data. This method allows for guaranteed delivery of data between PCs. Within the TCP/IP suite, TCP is used for connection-oriented communications.

cookie

A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a database server.

CPS

See Certificate Practice Statement (CPS).

cracker

See hacker.

CRC

See cyclical redundancy check (CRC).

critical business functions

Functions on which the livelihood of the company depends.

CRL

See Certificate Revocation List (CRL).

cryptanalysis

The study and practice of finding weaknesses in ciphers.

cryptanalyst

A person who does cryptanalysis.

cryptographer

A person who participates in the study of cryptographic algorithms.

cryptographic algorithm

A symmetric algorithm, also known as a cipher, used to encrypt and decrypt data.

cryptography

The field of mathematics focused on encrypting and decrypting data.

custodian

An individual responsible for maintaining the data, and its integrity, within their area.

cyclical redundancy check (CRC)

An error-checking method in data communications that runs a formula against data before transmission. The sending station then appends the resultant value (called a checksum) to the data and sends it. The receiving station uses the same formula on the data. If the receiving station doesn't get the same checksum result for the calculation, it considers the transmission invalid, rejects the frame, and asks for retransmission.
