
Information, Computer and Network Security Terms Glossary and Dictionary - C

C2: Class C2
Class C2 (Controlled Access Protection) is a security rating defined in the U.S. Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC, the "Orange Book") and granted by the U.S. National Computer Security Center (NCSC) to products that pass evaluation against those criteria. A C2 system must enforce discretionary access control at the granularity of individual users, identify and authenticate each user, keep an audit trail of security-relevant events, and clear reused storage (object reuse) so that one user cannot read another user's leftover data. C2 was the minimum rating commonly required for government agencies, offices and other organizations that process sensitive or classified information.

CA certificate
CA certificates are digital certificates that contain a certification authority's (CA's) public key and identify the CA that issues server and client authentication certificates to the servers and clients that request them. Because the public key it contains is used to verify the CA's digital signatures on the certificates it issues, a CA certificate is also referred to as a signature certificate. A CA certificate issued by one CA to another is an intermediate (subordinate) CA certificate; if the CA is a root authority, the certificate is self-signed and is referred to as a root certificate.

CA hierarchy
CA hierarchy, also called a hierarchy of trust, is a hierarchical collection of certificate authorities (CAs) bound together by trust relationships.

CA: Certification Authority
In a Public Key Infrastructure (PKI), a certification authority is a trusted third party that vouches for the identity of an organization or individual (an entity). The CA first satisfies itself that the entity is who or what it claims to be, and then issues that entity a "certificate" that binds its identity to its public key under the CA's digital signature. In short, a CA is an authority in a network that issues and manages security credentials and public keys for message encryption and signature verification.

CA-ACF2: Computer Associates Access Control Facility
CA-ACF2 (Computer Associates Access Control Facility), also called ACF2, is a set of programs from Computer Associates that provides security on IBM mainframes. It controls which users may access datasets and resources and so prevents accidental or deliberate modification, corruption, deletion, or viral infection of files.

Cache
Cache is a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.

Cache Cramming
Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.

Cache Poisoning
Cache poisoning happens when malicious or misleading data is injected into a cache so that it is served to later users as if it were legitimate. The classic target is the DNS cache: forged responses, or answers from a remote name server that is compromised or misconfigured, are saved [cached] by another name server, which then directs its clients to the attacker's hosts until the poisoned record expires. Web proxy and application caches can be poisoned in the same way.

Cain & Abel
Cain & Abel is a free password recovery tool for Microsoft operating systems. It allows recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit software vulnerabilities or bugs that could not be fixed with little effort; it takes advantage of weaknesses in protocol standards, authentication methods and caching mechanisms, and its main purpose is the simplified recovery of passwords and credentials from various sources.

CALEA: Communications Assistance for Law Enforcement Act
Communications Assistance for Law Enforcement Act (CALEA) is a US law established in 1994 that defines obligations of telecommunications carriers to assist law enforcement in executing electronic surveillance (or wiretapping) pursuant to court order or other lawful authorization. The purpose of CALEA is to preserve the ability of law enforcement to conduct electronic surveillance in the face of rapid advances in telecommunications technology.

California Security Breach Information Act
The California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised.

Callback
Callback, in the context of network security, refers to a security method used in remote access. With the callback feature, the user initiates a call and connects with the remote access server. After authentication and authorization, the remote access server then drops the call and calls back a moment later to a negotiated or preassigned callback number.

Caller ID Spoofing
Caller ID spoofing allows a caller to identify himself as someone else by falsifying the number that appears on the recipient's caller ID display.

Canonicalization error
Canonicalization error refers to a coding error in which an application makes a security decision (such as an access-control or path check) on a name before reducing that name to its single canonical form. Because the same file, URL, host or string can be written in many equivalent ways (".." path segments, URL-encoding such as %2e%2e, double encoding, overlong UTF-8, mixed case, trailing dots or symbolic links), an attacker can supply a representation that passes the check but resolves to a different resource, which is the root of many directory traversal and filter-bypass vulnerabilities. The fix is to decode and canonicalize first and to compare only canonical forms.
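As an added illustration of the error and its fix (example code written for this glossary, not taken from any product the page mentions), the Python below compares a path check performed on the raw request string with one performed on the canonical path. The document root /srv/app/public and the request strings are assumptions; the directory does not need to exist for the checks to run.

```python
import os
import urllib.parse

# Assumed document root (hypothetical path); realpath() makes it canonical once, up front.
BASE_DIR = os.path.realpath("/srv/app/public")


def vulnerable_resolve(user_path):
    """Canonicalization error: the prefix check runs on the un-normalised string,
    so '..' segments (and encoded forms that a front end may decode later) pass."""
    candidate = os.path.join(BASE_DIR, user_path)
    if candidate.startswith(BASE_DIR):
        return candidate
    raise PermissionError(user_path)


def hardened_resolve(user_path):
    """Decode and canonicalize first, then compare canonical forms only."""
    decoded = urllib.parse.unquote(user_path)
    # Keep decoding until stable: '%252e%252e' -> '%2e%2e' -> '..' (double encoding).
    while decoded != urllib.parse.unquote(decoded):
        decoded = urllib.parse.unquote(decoded)
    if "\x00" in decoded:                       # a NUL byte would truncate the path in C APIs
        raise PermissionError(user_path)
    # realpath() collapses '.', '..' and repeated separators and follows symlinks.
    candidate = os.path.realpath(os.path.join(BASE_DIR, decoded))
    # commonpath() rejects the sibling directory '/srv/app/public_old', which a bare
    # startswith(BASE_DIR) would accept.
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        raise PermissionError(user_path)
    return candidate


def allowed(resolver, user_path):
    """True if the resolver would serve the request, False if it refuses it."""
    try:
        resolver(user_path)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    for req in ["docs/readme.txt", "../../etc/passwd",
                "%2e%2e/%2e%2e/etc/passwd", "../public_old/secret"]:
        print(f"{req:28} vulnerable={allowed(vulnerable_resolve, req)} "
              f"hardened={allowed(hardened_resolve, req)}")
```

The vulnerable version accepts "../../etc/passwd" and the sibling directory "../public_old/secret" because the string does begin with the root; the hardened version rejects both, as well as single- and double-encoded traversal, and maps every spelling of the same file to one canonical path.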

CAN-SPAM: Controlling the Assault of Non-Solicited Pornography and Marketing Act
The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) is a US anti-spam law. It requires that unsolicited commercial e-mail messages be labeled and that they include opt-out instructions and the sender's physical address.

CAP: Certification and Accreditation Professional
Certification and Accreditation Professional (CAP), a certification program provided by the International Information Systems Security Certification Consortium (ISC2), is designed to certify qualified personnel to assess and manage the risks of security threats to information systems. CAP is co-developed by the U.S. Department of State's Office of Information Assurance and (ISC)². The CAP credential is an objective measure of the knowledge, skills and abilities required for personnel involved in the Certification and Accreditation process. Specifically, the credential applies to professionals responsible for formalizing processes used to assess risk and establish security requirements, as well as ensure information systems possess security commensurate with the level of exposure to potential risks.

CAPI: CryptoAPI
CryptoAPI (CAPI) is a set of application programming interfaces (APIs) for cryptography built into Microsoft Windows platforms.

CAPICOM
CAPICOM is a Component Object Model (COM) interface for the Microsoft CryptoAPI (CAPI) programming interface.

Capture
Capture is the process or means of obtaining and storing network traffic data including images or sounds, for real-time analysis or use at a later time.

Carding
Carding is the trafficking in and fraudulent use of stolen payment-card data, including testing whether stolen card numbers are still valid by making small transactions. The term is sometimes used loosely as a synonym for phishing or brand spoofing: a scam on the Internet in which the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites in an effort to "phish" personal and financial information from the recipient. Phishing is one common way carders obtain card data, but the two are distinct activities.

Carnivore
Carnivore (later renamed DCS1000) is a "network diagnostic tool" or "sniffer" created by the U.S. Federal Bureau of Investigation (FBI) to assist in criminal investigations. It is software running on the Windows operating system and is similar to commercial network sniffers; it drew special attention because of the large amount of Internet traffic it is capable of capturing. The FBI typically installs Carnivore in an ISP data center, under a court order, when investigating individuals suspected of federal crimes.

CAS: Code access security
Code access security (CAS) is a code security mechanism built into the Microsoft .NET Framework. Unlike user-based access control, CAS grants permissions to code according to evidence about the code itself (its origin, publisher signature or strong name), so that, for example, an assembly downloaded from the Internet runs with fewer rights than one installed locally, regardless of which user is running it.

CAST
CAST is a family of DES-like symmetric block ciphers developed by Carlisle M. Adams and Stafford E. Tavares (CAST-128 uses a 64-bit block and keys of 40 to 128 bits; CAST-256 uses a 128-bit block). In Microsoft CryptoAPI, the PROV_MS_EXCHANGE provider type specifies a particular CAST algorithm that uses a 64-bit block size.

CBAC: Context-based Access Control
Context-Based Access Control (CBAC) is a stateful inspection feature of the Cisco IOS Firewall that actively inspects the activity behind a firewall. CBAC specifies what traffic needs to be let in and what traffic needs to be let out by using access lists together with "ip inspect" statements, which examine the application-layer protocol, verify that it has not been tampered with, and dynamically open the return path for sessions initiated from inside before the traffic reaches the systems behind the firewall. CBAC provides internal users with secure access control for each application and for all traffic across network perimeters, scrutinizing both source and destination addresses and tracking each application's connection state.

CBC: Cipher Block Chaining
Cipher Block Chaining (CBC) is a mode of operation for a block cipher, which encrypts data one fixed-size block at a time under a single key. CBC uses an initialization vector (IV) one block in length and XORs each plaintext block with the previous ciphertext block (the IV for the first block) before encrypting it, so the ciphertext of every block depends on all the data before it. This avoids the weakness of Electronic Codebook (ECB) mode, in which every identical block of "plain text" maps to exactly one identical block of "cipher text": under CBC, identical patterns in different messages (or within one message) are encrypted differently, provided a fresh, unpredictable IV is used for each message. CBC provides confidentiality only. It does not detect modification, and flipping a bit in one ciphertext block flips the same bit in the next plaintext block, so it is normally paired with a MAC or replaced by an authenticated mode.

CCA: Common Cryptographic Architecture
Common Cryptographic Architecture (CCA) is a cryptographic architecture developed by IBM for its computing platforms.

CCITS: Canadian Centre for Information Technology Security
Canadian Centre for Information Technology Security (CCITS) is an organization that provides education and research on computer security and high-tech criminal investigation.

CCM: Counter mode with Cipher-block chaining Message authentication code
Counter mode with Cipher-block chaining Message authentication code (CCM) is a mode of operation for 128-bit block ciphers (NIST SP 800-38C, RFC 3610) that provides authenticated encryption: counter (CTR) mode for confidentiality and CBC-MAC for integrity, both under the same key. In the IEEE 802.11i standard it is applied to AES in the CCM Protocol (CCMP), which uses 128-bit keys and a 48-bit packet number that forms part of the nonce and is also used for replay detection.

CCMP: Counter mode with Cipher-block chaining Message authentication code Protocol
Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP) is the encryption protocol mandated by the IEEE 802.11i (WPA2) standard. CCMP is based upon the CCM mode of the AES encryption algorithm, uses 128-bit keys, and carries a 48-bit packet number (PN) in each frame; the PN is part of the CCM nonce and lets the receiver detect replayed frames.

cDc: Cult of the Dead Cow
cDc, abbreviated from "Cult of the Dead Cow", is a well-known hacker group founded in Lubbock, Texas, in 1984, best known for releasing the Back Orifice remote administration tool in 1998.

Cell Phone Spam
Cell phone spam, also known as SMS spam, is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).

CER: Crossover Error Rate
Crossover Error Rate (CER) is a comparison metric for different biometric devices and technologies. It is the error rate at which the false acceptance rate (FAR) equals the false rejection rate (FRR). As a device's matching threshold is made stricter, its FAR decreases while its FRR increases; the CER is the point at which these two rates are equal, or cross over, and a lower CER indicates a more accurate system.

CERIAS: Center for Education and Research in Information Assurance and Security
Center for Education and Research in Information Assurance and Security (CERIAS) is a center for research and education in information security at Purdue University.

CERT: Computer Emergency Response Team
Computer Emergency Response Team (CERT) is an organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.

Certificate BLOB
Certificate BLOB is a BLOB that contains the certificate data. A certificate BLOB is created by calls to CryptEncodeObject. The process is complete when the output of the call contains all the certificate data.

Certificate policy
Certificate policy is a named set of rules that indicate the applicability of certificates for a specific class of applications with common security requirements. Such a policy might, for example, limit certain certificates to electronic data interchange transactions within given price limits.

Certificate Service
Certificate Service refers to the software process that issues certificates for a particular certification authority (CA). It provides customizable services for issuing and managing certificates for the enterprise. Certificates can be used to provide authentication support, including secure e-mail, Web-based authentication, and smart card authentication.

Certificate store functions
Certificate store functions refer to the functions that manage the storage and retrieval of data such as certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs). These functions can be separated into common certificate functions, certificate revocation list functions, and certificate trust list functions.

Certificate template
Certificate template is a Windows construct that profiles certificates (that is, it prespecifies the format and content) based on their intended usage. When requesting a certificate from a Windows enterprise certification authority (CA), certificate requesters are, depending on their access rights, able to select from a variety of certificate types that are based on certificate templates, such as User and Code Signing.

Certificate
Certificate, properly called a digital certificate in information security, refers to a signed data structure that binds a public key to the identity of its owner (a user, host or organization). The certificate itself is not encrypted; it is digitally signed by a certification authority (CA), and anyone holding the CA's public key can verify that signature and so be assured that the key belongs to the named owner.

Certificate request
Certificate request refers to a specially formatted message requesting a certificate from a certificate authority (CA).

Certificate server
Certificate server is a server that issues certificates on behalf of a certificate authority (CA).

Certificate store
Certificate store is a storage location for certificates, certificate revocation lists (CRLs) and certificate trust lists (CTLs). On Windows, stores are kept per user and per machine (for example the Personal, Trusted Root Certification Authorities and Intermediate Certification Authorities stores); a certificate authority (CA) also maintains a central database of the certificates it has issued.

Certificate-Based Authentication
Certificate-Based Authentication is authentication in which a party proves its identity by presenting an X.509 certificate and demonstrating possession of the matching private key, for example in the SSL/TLS handshake, where the server (and optionally the client, via a client certificate) is authenticated and the resulting session keys encrypt the HTTP traffic.

Certification Request Syntax Standard
Certification Request Syntax Standard is the Public-Key Cryptography Standard PKCS #10, which describes a syntax for certification requests. A certification request consists of a distinguished name, a public key, and additional attributes, and is signed with the corresponding private key to prove possession of it. Certification requests are sent to a CA, which then issues the certificate.

CET: Cisco Encryption Technology
Cisco Encryption Technology (CET) is a 40- and 56-bit Data Encryption Standard (DES) network layer encryption available since Cisco IOS Software Release 11.2.

CFB: Ciphertext Feedback
Ciphertext feedback (CFB) is a mode of operation for a block cipher that turns it into a self-synchronizing stream cipher. In contrast to cipher block chaining (CBC), which must encrypt a full block of plaintext at a time, CFB encrypts the previous ciphertext block (the IV for the first unit) and XORs the result with the next plaintext unit, which may be as small as a single byte, so plaintext can be encrypted and transmitted instantly as it arrives. Only the encryption direction of the block cipher is used, and a transmission error corrupts only the damaged unit and the following block's worth of data.

CGI: Common Gateway Interface
The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers such as HTTP servers. CGI scripts are commonly used on Web sites to achieve customised results. Generally, when the visitor performs some action, such as filling in a form or clicking on a link, the server executes a script using information input by the visitor. This allows the appearance or behaviour of the Web site to be customised for that visitor.

Cgi-Bin
cgi-bin is the usual name of the server directory in which CGI programs are held.

Chaffing
Chaffing, in information technology, is the process of adding worthless parts (chaff) to a stream of packets. Winnowing is the reverse: separating out or eliminating the worthless parts. Chaffing and winnowing are dual components of a privacy-enhancement scheme, proposed by Ronald Rivest in 1998, that does not require encryption: false packets are added to a message at the source and removed at the destination.

Chaffing and Winnowing
"Chaffing and winnowing" is a privacy-enhancement scheme that achieves confidentiality without encryption, using only authentication. The sender breaks the message into packets and authenticates each one with a message authentication code (MAC) computed over the packet contents under a secret authentication key shared with the receiver (the "wheat"); it then adds bogus packets with random MACs (the "chaff"). The receiver recomputes the MAC for each packet, keeps those whose MAC verifies and discards the rest (winnowing). An eavesdropper who lacks the key cannot tell wheat from chaff and so cannot recover the message, even though no packet was ever encrypted.

Chain of Custody
Chain of Custody is the documented, chronological record of who collected, handled, transferred, analyzed and stored a piece of evidence, and when, so that its integrity can be demonstrated in court. For digital evidence this includes fingerprinting the data (for example with a cryptographic hash) at acquisition and re-verifying it at every handover; evidence whose custody cannot be accounted for may be ruled inadmissible under the rules of evidence.
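As an added example (not part of the glossary's source), the Python below keeps a hash-chained custody log for one evidence item: the item is fingerprinted at acquisition, re-hashed at every handover, and each log entry commits to the previous one so the record cannot be reordered or quietly edited. The item ID, names, timestamps and image bytes are constructed sample data.

```python
import hashlib
import json


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only custody record; each entry hashes its fields plus the previous entry's hash."""

    def __init__(self, item_id, data, collected_by, when):
        self.item_id = item_id
        self.acquisition_hash = fingerprint(data)
        self.entries = []
        self._append({"action": "acquired", "by": collected_by, "at": when,
                      "hash": self.acquisition_hash})

    def _append(self, fields):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = dict(fields, item=self.item_id, prev=prev)
        body["entry_hash"] = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append(body)

    def transfer(self, data, from_, to, when):
        """Re-hash the evidence at the handover; record and refuse if it no longer matches."""
        h = fingerprint(data)
        if h != self.acquisition_hash:
            self._append({"action": "integrity-failure", "by": from_, "at": when, "hash": h})
            return False
        self._append({"action": "transfer", "from": from_, "to": to, "at": when, "hash": h})
        return True

    def verify(self):
        """Recompute the chain: True only if no entry was altered, dropped or reordered."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if body.get("prev") != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    image = b"\x00constructed disk image bytes\xff"          # constructed evidence
    log = CustodyLog("EV-2024-001", image, "examiner A", "2024-01-05T09:00Z")
    ok1 = log.transfer(image, "examiner A", "evidence locker", "2024-01-05T17:00Z")
    ok2 = log.transfer(image + b"!", "evidence locker", "examiner B", "2024-01-06T08:00Z")
    intact = log.verify()
    log.entries[1]["to"] = "someone else"                        # after-the-fact edit of the record
    return ok1, ok2, intact, log.verify()


if __name__ == "__main__":
    print(demo())
```

The first handover succeeds, the second fails because the bytes handed over no longer match the acquisition hash, the log verifies while untouched, and a later edit to a recorded handover breaks the chain.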

Chaining mode
Chaining mode refers to a feedback mode of operation for block ciphers.

Challenge response authentication
Challenge response authentication is an authentication scheme that requires a correct reply to be provided in response to a given challenge. The response is usually a value computed from the shared secret and an unpredictable challenge value, so that passwords are never transmitted over the connection and a captured response cannot be replayed against a fresh challenge.

Challenge-Response
Challenge-Response is an authentication process that requires a correct reply be provided as response to a given challenge. The response is usually a value computed from an unpredictable challenge value.

CHAP: Challenge-Handshake Authentication Protocol
Challenge Handshake Authentication Protocol (CHAP) is used to periodically verify the identity of the peer using a 3-way handshake. This is done upon initial link establishment and may be repeated any time after the link has been established. CHAP uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks.

Checksum
Checksum is a value computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

Chernobyl Virus
The Chernobyl virus (also known as CIH, after its author's initials, and first seen in 1998) is a computer virus that infects Windows executable files and carries a potentially devastating payload: on its trigger date (April 26 in the best-known variant, the anniversary of the Chernobyl disaster) it overwrites the beginning of the hard disk and attempts to overwrite the system's flash BIOS, leaving the data unrecoverable and the machine unbootable. Since many files are executed during ordinary computer use, the virus spreads quickly among them.

Chinese Wall Model
Chinese Wall Model is a security model proposed by Brewer and Nash (1989) to prevent information flows that would cause a conflict of interest, for example between clients of a consultancy that compete in the same market. Objects are grouped into company datasets, and datasets into conflict-of-interest classes. A subject may read an object only if it is sanitized (public), or belongs to a dataset the subject has already accessed, or the subject has accessed no other dataset in that object's conflict-of-interest class; what a subject may see therefore depends on the history of what it has read. Write access is granted only if the subject cannot read unsanitized information from any other dataset, so that nothing can be copied across the wall.
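The read and write rules above, as an added example written for this glossary (not code from the Brewer and Nash paper or any product). The company names, datasets and conflict classes are constructed sample data, and the write rule is evaluated against the subject's access history, which is how it is usually implemented.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str            # company whose information the object holds
    coi_class: str          # conflict-of-interest class, e.g. "banks" or "oil"
    sanitized: bool = False # public information is outside the wall


@dataclass
class Subject:
    name: str
    history: set = field(default_factory=set)   # (coi_class, dataset) pairs already read

    def can_read(self, o: Obj) -> bool:
        """Simple security rule: sanitized, or same dataset as before, or an untouched class."""
        if o.sanitized:
            return True
        for coi, ds in self.history:
            if coi == o.coi_class and ds != o.dataset:
                return False        # a competitor in the same class was already accessed
        return True

    def read(self, o: Obj) -> bool:
        if not self.can_read(o):
            return False
        if not o.sanitized:
            self.history.add((o.coi_class, o.dataset))   # the wall is built by history
        return True

    def can_write(self, o: Obj) -> bool:
        """*-property: write only if every unsanitized dataset this subject can read is
        o's own dataset, so the subject cannot act as a channel between companies."""
        if not self.can_read(o):
            return False
        return all(ds == o.dataset for _, ds in self.history)


def demo():
    bank_a = Obj("BankA-ledger", "BankA", "banks")
    bank_b = Obj("BankB-ledger", "BankB", "banks")
    oil_x = Obj("OilX-report", "OilX", "oil")
    market = Obj("market-summary", "BankB", "banks", sanitized=True)
    alice = Subject("alice")
    return [
        alice.read(bank_a),        # True: first access in the "banks" class
        alice.read(bank_b),        # False: BankB conflicts with BankA
        alice.read(market),        # True: sanitized data is always readable
        alice.can_write(bank_a),   # True: alice has only read BankA's own data
        alice.read(oil_x),         # True: "oil" is a different class, no conflict
        alice.can_write(bank_a),   # False: OilX data could now leak into BankA's dataset
    ]


if __name__ == "__main__":
    print(demo())
```

Note that the same subject who could write to BankA's dataset loses that right after reading an unrelated company's data: the write rule is deliberately stricter than the read rule, which is why real deployments usually route writes through separate, single-client subjects.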

Chosen-Ciphertext Attack
A chosen ciphertext attack is an attack on a cryptosystem in which the cryptanalyst chooses ciphertexts and obtains their decryptions under an unknown key (a "decryption oracle"), then uses the results to learn the key or to decrypt other ciphertexts. For a self-synchronizing stream cipher a chosen ciphertext attack can be useful because the keystream used for each byte depends on the previous ciphertext. It is also possible to use a chosen ciphertext attack to get an arbitrary message signed with RSA if messages are signed without hashing or padding: because RSA is multiplicative, a signature on a "blinded" value m·r^e reveals the signature on m once r is divided out.
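The RSA blinding case, as an added worked example for this glossary (not the page's own code). The key is a constructed textbook-sized modulus (n = 61 × 53) chosen so the algebra is easy to follow; it demonstrates the multiplicative property, not a realistic key.

```python
# Constructed toy RSA key; real keys are thousands of bits, but the attack is the same.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent, d = e^-1 mod phi(n)


def sign_raw(m):
    """The victim's oracle: signs any value it is given, with no hashing or padding."""
    return pow(m, D, N)


def verify_raw(m, s):
    return pow(s, E, N) == m


def forge_signature(target, oracle, r=2):
    """Obtain a valid signature on `target` without ever asking the oracle to sign it.

    RSA is multiplicative: sig(a*b) = sig(a)*sig(b) mod n.  The attacker blinds the target
    with r^e (r must be invertible mod n), has the innocuous-looking value signed, and
    divides r back out.
    """
    blinded = (target * pow(r, E, N)) % N    # looks unrelated to `target`
    s_blinded = oracle(blinded)              # the chosen "ciphertext" the victim decrypts
    return (s_blinded * pow(r, -1, N)) % N   # sig(blinded) * r^-1 = sig(target)


def demo():
    target = 1234                            # e.g. the encoding of a message the victim would refuse
    forged = forge_signature(target, sign_raw)
    return forged, verify_raw(target, forged), forged == sign_raw(target)


if __name__ == "__main__":
    print(demo())
```

The forged value verifies and is in fact identical to the signature the victim would have produced, because textbook RSA signatures are deterministic. The defence is hash-then-sign with a padding scheme (PKCS #1 v1.5 or PSS): the oracle then only ever exponentiates the padded hash of what it is asked to sign, which the attacker cannot steer to a blinded value.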

Chosen-Plaintext Attack
A chosen plaintext attack is a cryptanalysis technique in which the analyst tries to determine the key from knowledge of ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst.

Chroot jail
Chroot jail is a UNIX/Linux security measure in which a process's root directory is changed (with the chroot system call) to a subdirectory, so that the paths it opens are resolved relative to that directory and the rest of the filesystem is hidden from it. It restricts file access only: a chroot does not limit network, process or kernel interfaces, and a process running as root can escape it, so it is a hardening measure rather than a security boundary (modern sandboxes add namespaces, seccomp or similar controls).

CIAC: Computer Incident Advisory Capability
The Computer Incident Advisory Capability (CIAC) is the computer security incident response team for the US Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH).

Cipher
Cipher is a cryptographic algorithm for encryption and decryption. Ciphers can be classified according to whether they are symmetric or public key algorithms, and by whether they operate on their data as a stream or divided into blocks.

Cipher mode
Cipher mode is a mode of operation for a block cipher.

Ciphertext
Ciphertext is the encrypted form of the message being sent. Ciphertext can be transformed back into its readable form (plaintext) with the appropriate decryption key.

Ciphertext-Only Attack
Ciphertext-only attack is an attack with an attempt to decrypt ciphertext when only the ciphertext itself is available. This will almost inevitably require guessing some plaintext that might or will be associated.

Circuit Level Gateway/Firewall
A circuit level gateway is sometimes described as a second generation firewall. It operates at the session (TCP) layer: it checks that a connection is set up legitimately (for example, that the TCP handshake is valid and that the source and destination are allowed by its predefined rules) and then relays the packets of the established session without inspecting application-layer content, which makes it fast but blind to attacks carried in the payload. SOCKS is a typical circuit-level gateway.

CIS: Center for Internet Security
Center for Internet Security (CIS) is a nonprofit organization that helps organizations manage risk associated with information system security.

CISA: Certified Information Systems Auditor
Certified Information Systems Auditor (CISA), granted by ISACA, is a widely-accepted certification in auditing, control, and security of information systems.

CISO: Chief Information Security Officer
Chief Information Security Officer(CISO) is the person in a company in charge of all issues related to computer and information security. The Chief Security Officer(CSO) is responsible for maintaining security within the company, including the physical security of staff, resources and information.

CISP: Cardholder Information Security Program
Cardholder Information Security Program (CISP), originally defined by VISA, provides a standard for protecting cardholder information.

CISSP: Certified Information System Security Professional
Certified Information Systems Security Professional (CISSP) is a certification program provided by International Information Systems Security Certification Consortium (ISC2) in the field of information security. CISSP certification provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP CBK. The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.

CITU: Central Information Technology Unit
Central Information Technology Unit (CITU) is a UK government organization responsible for Information Technology policy and strategy spanning government departments and for promoting the use of IT in the delivery of government services to the public.

Clark-Wilson Model
The Clark-Wilson model was developed to address security issues in commercial environments and is primarily concerned with the integrity of data. The model uses two categories of mechanisms to realize integrity: well-formed transactions and separation of duty.

Cleartext
Cleartext, also known as plaintext, refers to information and data that has not been encrypted and is directly readable by human beings or usable by programs.

Client certificate
Client certificate refers to a certificate used for client authentication, such as authenticating a Web browser on a Web server. When a Web browser client attempts to access a secured Web server, the client sends its certificate to the server to allow it to verify the client's identity.

Clipper
Clipper is a chip developed by the US National Security Agency for voice and other information encryption. Its Skipjack algorithm was initially classified (it was declassified in 1998), and the chip has an acknowledged key escrow mechanism: each chip's unit key is held by government escrow agents, and a Law Enforcement Access Field (LEAF) transmitted with each call allows the government to decrypt the traffic of anyone using Clipper, provided they first obtain a wiretap warrant.

Clipper Chip
The Clipper chip by the US National Security Agency for voice and other information encryption is a tamper-resistant chip with a cryptographic processor that implements the Skipjack encryption algorithm (a block cipher with an 80-bit key) and supports key escrow.

Clogging attack
Clogging attack is a type of denial of service (DoS) attack against a public key cryptography system. In a clogging attack, the intruder attempts to deny service by overwhelming the resources of the client, server or network through generating large volumes of traffic, either replay or bogus.

Cloud Cover
Cloud Cover is a CESG project that aims to set standards to foster the development by industry of Public Key Infrastructure (PKI) products and services to meet the electronic key distribution requirements of HMG.

CMAC: Cipher-based Message Authentication Code
Cipher-based Message Authentication Code (CMAC) is an authentication algorithm defined by the National Institute of Standards and Technology (NIST) in SP 800-38B. Also called NIST-CMAC, it is a keyed message authentication function based on a symmetric block cipher such as the Advanced Encryption Standard [NIST-AES]. CMAC is equivalent to the One-Key CBC MAC1 (OMAC1) submitted by Iwata and Kurosawa [OMAC1a, OMAC1b]. OMAC1 is an improvement of the eXtended Cipher Block Chaining mode (XCBC) submitted by Black and Rogaway [XCBCa, XCBCb], which itself is an improvement of the basic Cipher Block Chaining-Message Authentication Code (CBC-MAC). Plain CBC-MAC is secure only for messages of one fixed length (otherwise a tag on one message can be extended into a valid tag on a longer one); XCBC addresses this deficiency by masking the final block with one of two extra keys, and OMAC1 derives those subkeys from the main key, reducing the key material of XCBC to a single cipher key. A few variations of CMAC are available, such as AES-CMAC and AES-CMAC-PRF-128 defined by the IETF in RFC 4493 and RFC 4615.
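The CBC and CFB chaining described under their own entries above, and the CMAC construction described here, as one added worked example written for this glossary (not code from NIST, the cited papers or any product). It uses XTEA as a small stand-in block cipher purely so the example runs without a cryptography library; the key, IV and message are constructed demo values, and a real system would use AES with a fresh random IV per message.

```python
import struct

MASK32 = 0xFFFFFFFF
BLOCK = 8                                  # XTEA block size in bytes

# XTEA (64-bit block, 128-bit key, 32 rounds) is a constructed stand-in for the block cipher so
# the example runs without a crypto library; use AES in practice.  The modes only need E_K/D_K.
def xtea_encrypt(key, block):
    v0, v1 = struct.unpack(">II", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
        s = (s + 0x9E3779B9) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
    return struct.pack(">II", v0, v1)

def xtea_decrypt(key, block):
    v0, v1 = struct.unpack(">II", block)
    k = struct.unpack(">4I", key)
    s = (0x9E3779B9 * 32) & MASK32
    for _ in range(32):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
        s = (s - 0x9E3779B9) & MASK32
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
    return struct.pack(">II", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key, iv, pt):          # CBC: C_i = E(P_i xor C_(i-1)), C_0 = IV; whole blocks only
    out, prev = [], iv
    for p in blocks(pt):
        prev = xtea_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):          # P_i = D(C_i) xor C_(i-1): flipping a bit of C_(i-1)
    out, prev = [], iv                 # flips the same bit of P_i and garbles P_(i-1)
    for c in blocks(ct):
        out.append(xor(xtea_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def cfb_encrypt(key, iv, pt):          # CFB: C_i = P_i xor E(C_(i-1)); last unit may be short
    out, prev = [], iv
    for p in blocks(pt):
        prev = xor(p, xtea_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):          # only the encryption direction is ever needed
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, xtea_encrypt(key, prev)))
        prev = c
    return b"".join(out)

def _dbl(b):                           # multiply by x in GF(2^64); R_64 = 0x1B
    n = int.from_bytes(b, "big") << 1
    if n >> 64:
        n ^= 0x1B
    return (n & ((1 << 64) - 1)).to_bytes(8, "big")

def cmac(key, msg):                    # CMAC (NIST SP 800-38B) over the same block cipher
    k1 = _dbl(xtea_encrypt(key, bytes(BLOCK)))
    k2 = _dbl(k1)
    if msg and len(msg) % BLOCK == 0:  # complete final block: xor it with K1
        m, last = blocks(msg), k1
    else:                              # incomplete or empty: pad 10..0, xor with K2
        m, last = blocks(msg + b"\x80" + bytes(BLOCK - 1 - len(msg) % BLOCK)), k2
    m[-1] = xor(m[-1], last)
    tag = bytes(BLOCK)                 # then a plain CBC-MAC with a zero IV
    for b in m:
        tag = xtea_encrypt(key, xor(b, tag))
    return tag

def demo():
    key, iv = bytes(range(16)), bytes(BLOCK)   # constructed key; fixed IV only for reproducibility
    msg = b"ATTACK AT DAWN! " * 2             # 4 blocks; blocks 3-4 repeat blocks 1-2
    ecb = b"".join(xtea_encrypt(key, b) for b in blocks(msg))
    cbc = cbc_encrypt(key, iv, msg)
    tampered = bytearray(cbc)
    tampered[0] ^= 0x01                        # flip one bit in C_1
    return {
        "ecb_repeats": ecb[:16] == ecb[16:],
        "cbc_repeats": cbc[:16] == cbc[16:],
        "cbc_bitflip_hits_p2": cbc_decrypt(key, iv, bytes(tampered))[8:16] == xor(msg[8:16], b"\x01" + bytes(7)),
        "cfb_roundtrip": cfb_decrypt(key, iv, cfb_encrypt(key, iv, msg + b"xyz")) == msg + b"xyz",
        "cmac_detects_change": cmac(key, msg) != cmac(key, msg[:-1] + b"?"),
    }
```

demo() shows the ECB pattern leak (the repeated plaintext blocks give repeated ciphertext), CBC hiding it, the CBC bit-flip malleability that a MAC such as CMAC or an authenticated mode has to catch, CFB handling a partial final unit, and the CMAC tag changing when one byte of the message changes.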

Cocooning
Cocooning is the act of insulating or hiding oneself from the normal social environment, which may be perceived as distracting, unfriendly, dangerous, or otherwise unwelcome, at least for the present. Technology has made cocooning easier than ever before.

Code access permissions
Code access permissions are used in the Microsoft .NET Framework to protect resources accessed by code from unauthorized use.

Code signing
Code signing refers to signing code with digital certificates to validate authenticity and integrity.

CodeRed
CodeRed is a worm that, in July 2001, spread among Web servers running Microsoft IIS by exploiting a buffer overflow in the Index Server ISAPI extension, defaced the sites it infected and launched a denial-of-service attack; its aggressive scanning also caused some routers and other devices to crash across the Internet.

Cold Site
A cold site is a type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations. A hot site, on the other hand, is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster. A cold site is less expensive, but it takes longer to get an enterprise in full operation after the disaster.

Common Criteria & Methodology for Information Technology Security Evaluation
Common Criteria & Methodology for Information Technology Security Evaluation, usually called Common Criteria (ISO/IEC 15408), is an international effort to standardize criteria for evaluating the security of information systems.

Competitive Intelligence
Competitive Intelligence is espionage using legal, or at least not obviously illegal, means. Companies may have a competitive intelligence department to collect competitors' technology, product, financial and other information.

Compromised system
Compromised system refers to a computer system with unknown integrity because an attacker has gained illicit access.

Collision
A collision occurs when multiple systems transmit simultaneously on the same wire. An Ethernet network uses Carrier Sense Multiple Access/Collision Detect (CSMA/CD) to allow devices to take turns using the signal carrier line. When a device wants to transmit, it checks the signal level of the line to determine whether someone else is already using it. If the line is in use, the device waits and retries. If the line is not in use, the device transmits. In cryptography the same word means two distinct inputs that produce the same hash value; a hash function for which collisions can be found on demand is unsuitable for digital signatures and integrity checks.

Computer Fraud
Computer Fraud means any fraud perpetrated by or on computers and therefore including Internet fraud.

Computer forensics
Computer forensics refers to obtaining evidence of criminal activity from information systems.

Confidentiality
Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.

Confidentiality agreement
Confidentiality agreement refers to an agreement between two parties to ensure the confidentiality of business information that they exchange.

Configuration Management
In the management of the various configurations of the hardware and software components, the four key elements of configuration management are: 1) Identify and document the functional and physical characteristics of configuration items. 2) Control changes to configuration items and their related documentation. 3) Record and report information needed to manage configuration items effectively, including the status of proposed changes and implementation status of approved changes. 4) Audit configuration items to verify conformance to specifications, drawings, interface control documents, and other contractual requirements.

Connection Hijacking
Connection hijacking, also called session hijacking or TCP hijacking, is an attack in which a malicious party takes over an established, already authenticated connection between two hosts (for example by predicting TCP sequence numbers or stealing a session token) in order to control the flow of communication and to inject, eliminate or alter data without the participants' knowledge. It is closely related to the man-in-the-middle attack, in which the attacker intercepts the communication from the outset; in both cases the attacker can fool a target into disclosing confidential information by "spoofing" the identity of the original sender or receiver.

Consensus baseline security settings
Consensus baseline security settings refer to a set of guidelines for securing computers running Microsoft Windows 2000 Professional.

Content Filtering
Content filtering is accomplished using a database of terminology, words and phrases that are compared to those emanating from the content of the Internet browser, emails and other applications. When accessing, receiving, or sending content, the data is analyzed against this database, and if a match occurs the data can be filtered, captured, blocked, and the application closed, or any combination thereof. Content filtering requires an agent on each workstation that checks the content data to determine whether it violates the organization's policy. If so, a record is stored on the server with user, time, date, application and violation stamp for reporting and review purposes.

Content Security
Content security is to protect the confidentiality, integrity and availability of data.

Cookie
Cookie is a message given to a Web browser by a Web server. A HTTP server, when sending data to a client(Web browser), may send along a cookie, which the client retains after the HTTP connection is closed. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.

Cookie Poisoning
Cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user's existing accounts.
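As an added example for this glossary (not the page's or any framework's code), the Python below contrasts a session cookie that the server simply trusts with one protected by an HMAC tag, and shows what the attacker's edit achieves against each. The secret key, user names and session fields are constructed demo values.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key-rotate-me"   # assumed server-side key; never sent to the browser


# Vulnerable pattern: the server decodes whatever the browser sends back and believes it.
def make_cookie_trusting(session):
    return base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode()).decode()

def parse_cookie_trusting(cookie):
    return json.loads(base64.urlsafe_b64decode(cookie))


# Hardened pattern: append an HMAC over the body so any modification is detected.
def make_cookie_signed(session):
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def parse_cookie_signed(cookie):
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):    # constant-time compare, no timing leak
        return None                               # treat as "no session", not as an error to echo
    return json.loads(base64.urlsafe_b64decode(body))


def attacker_poison(cookie, **changes):
    """What the attacker does: decode the body, edit fields, re-encode.  No key needed."""
    body = cookie.split(".")[0]
    data = json.loads(base64.urlsafe_b64decode(body))
    data.update(changes)
    return base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()


def demo():
    session = {"user": "bob", "role": "user"}
    poisoned_plain = attacker_poison(make_cookie_trusting(session), role="admin")
    signed = make_cookie_signed(session)
    old_tag = signed.split(".")[1]
    poisoned_signed = attacker_poison(signed, role="admin") + "." + old_tag   # old tag reused
    return parse_cookie_trusting(poisoned_plain)["role"], parse_cookie_signed(poisoned_signed)


if __name__ == "__main__":
    print(demo())
```

Against the trusting server the edited cookie makes bob an admin; against the signed one the stale tag no longer matches and the session is discarded. Signing stops tampering but not disclosure or replay: the body is still readable by whoever holds the cookie, so sensitive fields should stay server-side, and the cookie should also carry the Secure and HttpOnly attributes and an expiry.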

COPPA: Children's Online Privacy Protection Act
The US Children's Online Privacy Protection Act(COPPA), which became effective on April 21, 2000, deals with the online collection of personal information from children under 13. It defines what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent and what responsibilities an operator has to protect children's privacy and safety online.

Corruption
Corruption, in information security, refers to a threat action that undesirably alters system operation by adversely modifying system functions or data.

Countersignature
Countersignature refers to a signature of an existing signature and message or a signature of an existing signature. A countersignature is used to sign the encrypted hash of an existing signature or to time-stamp a message.

Covert Channels
Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server and can be used to communicate information.

CPRM: Content Protection for Removable Media
Content Protection for Removable Media (CPRM) is a hardware-based technology designed to enforce copy protection restrictions through built-in mechanisms in storage media that would prevent unauthorized file copying.

CPS: Certification Practice Statement
A Certification Practice Statement (CPS) is a public statement of the practices for issuing and validating certificates and for supporting reliance on certificates.

Cracker
A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

Cracking
Cracking is the act of breaking into a computer system, often over a network; bypassing passwords or licenses in computer programs; or otherwise intentionally breaching computer security.

CRAM: Challenge-Response Authentication Mechanism
Challenge-response authentication mechanism (CRAM) is the two-level (basic authentication and digest authentication) scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).

CRAMM: CCTA Risk Analysis and Management Method
The CCTA Risk Analysis and Management Method (CRAMM) is a formal and structured methodology for risk analysis. CRAMM is available from a number of commercial sources and consists of an assessment of assets and safeguards by an approved consultant and the subsequent production of a set of countermeasures to reduce risk.

CRC: Cyclic Redundancy Check
Cyclic Redundancy Check (CRC), also called "cyclic redundancy code", is a method of ensuring data integrity in which a calculation is performed using the binary representation of the data itself as the basis of the calculation. The CRC is the numerical result of this calculation and is held separately from the data. The integrity of the data is checked by calculating a new CRC and comparing it with the stored one. If the two CRCs match, there is a high degree of confidence that the data has not changed.

Credentials
Credentials, in information security, refer to the information used to authenticate users on a system or network.

CRL: Certificate Revocation List
A Certificate Revocation List (CRL) is a data structure that enumerates digital certificates that have been invalidated by their issuer before their scheduled expiry. A CRL is one of two common methods a public key infrastructure uses to publish certificate status so that access to servers in a network can be maintained; the other method is the Online Certificate Status Protocol (OCSP).

Cross-realm authentication
Cross-realm authentication refers to the situation when a Kerberos realm is configured so principals in one realm can authenticate to principals in another realm.

Cron
Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.

Cryptanalysis
Cryptanalysis is a mathematical science that deals with the analysis of a cryptographic system in order to gain the knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, it is the recovery of plaintext from ciphertext without knowing the key.

Cryptographic Algorithm
A cryptographic algorithm is an algorithm that employs the science of cryptography; the term covers encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.

Cryptographic Checksum
A cryptographic checksum is a mathematical value (called a checksum) that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed.
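As an added example (not part of this glossary), the checks described under CRC and Cryptographic Checksum above, in Python: a bit-by-bit CRC-32 (the polynomial used by zlib, ZIP and Ethernet), an integrity check that recomputes and compares it, and beside it an HMAC-SHA256 keyed checksum, which is what is needed when the change to be detected may be deliberate rather than accidental, since a CRC can be recomputed by anyone who alters the data. The record, the corruption and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import zlib

CRC32_POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib / ZIP / Ethernet)


def crc32(data: bytes) -> int:
    """Bit-by-bit CRC-32: the calculation performed over the binary representation of the data."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ CRC32_POLY
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def crc_matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-written CRC against the standard library's implementation."""
    return crc32(data) == zlib.crc32(data)


def crc_intact(data: bytes, stored_crc: int) -> bool:
    """Integrity check: recompute the CRC and compare it with the value held separately."""
    return crc32(data) == stored_crc


def cryptographic_checksum(key: bytes, data: bytes) -> bytes:
    """Keyed cryptographic checksum (HMAC-SHA256): recomputing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def checksum_intact(key: bytes, data: bytes, stored: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(cryptographic_checksum(key, data), stored)


# Constructed sample: a record, its stored CRC, and a one-field modification of it.
RECORD = b"transfer:acct=1234;amount=100"
CORRUPTED = RECORD.replace(b"amount=100", b"amount=900")
KEY = b"constructed-demo-key"  # placeholder; a real key is generated randomly and kept secret

if __name__ == "__main__":
    stored = crc32(RECORD)
    print(f"CRC-32 {stored:08x}; modification detected: {not crc_intact(CORRUPTED, stored)}")
    mac = cryptographic_checksum(KEY, RECORD)
    print(f"HMAC accepts modified record: {checksum_intact(KEY, CORRUPTED, mac)}")
```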

Cryptographic Coprocessor
Cryptographic coprocessor is a specially designed processor for encryption and related processing. Such devices are built with numerous protection features that prevent unauthorized retrieval of their data as well as from having their circuits reverse engineered. A cryptographic coprocessor may provide only encryption, or it may include certain transaction processing. For example, a smart card coprocessor includes smart card functions in order to house them in the same protective environment as the encryption algorithm.

Cryptographic key
Cryptographic key is the session (symmetric) key used during the encryption and decryption processes, and the public and private keys used during the authentication process. Of these three keys, the session key and private key must always remain secret.

Cryptographic Message Syntax Standard
Cryptographic Message Syntax Standard is a Public-Key Cryptography Standard (PKCS) which is the foundation for Secure/Multipurpose Internet Mail Extensions (S/MIME).

Cryptographic Token Interface Standard
Cryptographic Token Interface Standard is a Public-Key Cryptography Standard (PKCS) that specifies an application program interface (API) for token devices that hold encrypted information and perform cryptographic functions, such as smart cards and USB pigtails.

Cryptographic hash function
Cryptographic hash function, often called hash function, is a mathematical function that generates a fixed-size result from arbitrary amounts of data.

Cryptography
Cryptography in information technology is typically concerned with the processes of scrambling plain/clear text into encrypted text at the sender’s end of a connection, and decrypting the encrypted text back into clear text at the receiver’s end. The goals of cryptography are information confidentiality, integrity, nonrepudiation, and authentication.

Cryptology
Cryptology is the branch of mathematics that encompasses both cryptography and cryptanalysis.

Cryptoperiod
A cryptoperiod (sometimes called a key lifetime or a validity period) is a specific time span during which a cryptographic key setting remains in effect. A key uses an algorithm to create ciphertext from plaintext (ordinary unencrypted text) and, for the receiver of the encrypted text, to decipher it.

Cryptosystem: Cryptographic System
A cryptographic system (cryptosystem) provides user authentication, encryption and decryption of data, and data integrity verification. It could be purely software if it is a cryptosystem designed to run on a standard computer, or it could be a specialist hardware and software combination.

CSD: Computer Security Division
The Computer Security Division (CSD) is a division of the National Institute of Standards and Technology (NIST) that focuses on information system security.

CSI: Computer Security Institute
The Computer Security Institute (CSI) is a membership organization dedicated to training information security professionals.

CSIRT: computer security incident response team
Computer security incident response team (CSIRT) is a term used by the CERT Coordination Center (CERT/CC) to describe a service organization that responds to computer security incidents.

CSO: Chief Security Officer
The Chief Security Officer is the person in charge of maintaining security within a company. This also includes the physical security of staff and of resources, including information. For computer and information security, the person may be called the CISO (Chief Information Security Officer).

CSP family
A CSP family is a unique group of Cryptographic Service Providers (CSPs) that use the same set of data formats and perform their function in the same way. Even when two CSP families use the same algorithm (for example, the RC2 block cipher), their different padding schemes, key lengths, or default modes make each group distinct. CryptoAPI has been designed so that each CSP type represents a particular family.

CSP name
CSP name is the textual name of the Cryptographic Service Provider (CSP). If the CSP has been signed by Microsoft, this name must exactly match the CSP name that was specified in the Export Compliance Certificate (ECC).

CSP type
CSP type indicates the Cryptographic Service Provider (CSP) family associated with a provider. When an application connects to a CSP of a particular type, each of the CryptoAPI functions will, by default, operate in the way prescribed by the family that corresponds to that CSP type.

CSP: Cryptographic service provider
Cryptographic service provider (CSP) is an independent software module that actually performs cryptography algorithms for authentication, encoding, and encryption.

CSR: Certificate Signing Request
A Certificate Signing Request (CSR), also known as a certification request, is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate in public key infrastructure systems. Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The CSR contains information identifying the applicant (such as a directory name in the case of an X.509 certificate) and the public key chosen by the applicant. The corresponding private key is not included in the CSR, but is used to digitally sign the entire request. The CSR may be accompanied by other credentials or proofs of identity required by the certificate authority, and the certificate authority may contact the applicant for further information.

CSS: Content Scrambling System
CSS combines player-host mutual authentication and data encryption. It is used by content providers (DVDs, CDs, e-Books) to prevent piracy and impose regional viewing restrictions. It is usually enforced by the DMCA and/or local copyright laws.

CSS: Cross Site Scripting (or XSS, Cross-Site Malicious Content)
Cross site scripting is sometimes abbreviated to 'CSS', but is better abbreviated to 'XSS' because of possible confusion with Cascading Style Sheets (a HTML coding practice).

CTCPEC: Canadian Trusted Computer Product Evaluation Criteria
Canadian Trusted Computer Product Evaluation Criteria was the agreement between Canada and the USA to harmonize the criteria of CTCPEC and FC/TCSEC, which kick-started the development of the Common Criteria.

CTL: Certificate trust list
A certificate trust list (CTL) is a predefined list of items that have been signed by a trusted entity. A CTL can contain anything, such as a list of hashes of certificates or a list of file names. All the items in the list are authenticated (approved) by the signing entity.

CVE: Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) refers to an emerging industry standard for naming vulnerabilities and other information security exposures.

Cyber Attack
Cyber attack refers to an attack on the world's networks, or "cyberspace", by terrorists, radical groups, narcotics traffickers, organized crime and others. Cyber attacks may cause network outages, compromise of information, wrong instructions that trigger other events, and much more. Cyber attacks can supplement or replace traditional military attacks, greatly complicating and expanding the vulnerabilities we must anticipate and counter. The resources at risk include not only information stored on or traversing cyberspace, but all of the components of our national infrastructure that depend upon information technology and the timely availability of accurate data.

Cybercrime
Cybercrime refers to criminal activities that take place on the Internet (cyberspace).

Cyberslacker
A cyberslacker is a member of staff who uses company Internet resources for non-work purposes. Viewing porn, booking holidays, making on-line domestic purchases in company time and on company resources are all forms of cyberslacking.

Cyberterrorism or Cyberwarfare
Cyberterrorism, also known as cyberwarfare, means that terrorist groups, political activists and even foreign countries could launch electronic attacks against a nation's electronic infrastructure. Since so much of society is now dependent upon computers and networks, serious disruption to this infrastructure would have a very damaging effect.

Cyberwoozle
Cyberwoozle refers to the practice of siphoning data from users' PCs as they surf the net. Examples include using HTML to mail documents back to the attacker and using cookies to extract email addresses and the last 10 sites visited. It is generally based on the browser's ability to send email silently, or to control email flow from a hidden form.

Cypherpunk anonymous remailer
A cypherpunk anonymous remailer is an anonymous remailer that takes messages encrypted with PGP or GPG, or in some cases in plain text, and forwards them after removing any identity information from the header.