C2 is a computer security class defined in the Trusted Computer System Evaluation Criteria.
C2 Infrastructure Data consists of domains, IP addresses, protocol signatures, email addresses, payment card data, etc.
A Central Services Node is the Key Management Infrastructure core node that provides central security management and data management services.
In cryptography, a certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.
Certificate Management is the process in which certificates are generated, used, transmitted, loaded and destroyed.
A Certificate Revocation List is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificate, thus verifying the identity of the owner.
A Chain of Custody is a chronological documentation of how electronic evidence is handled and collected. It also contains information on who has access to it.
The chain of evidence shows who obtained the evidence, where the evidence came from, and who secured, had control of and had possession of the evidence. The chain of evidence goes in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.
Challenge Response Protocol is an authentication protocol, where the verifier sends the user a challenge. When the challenge is solved with a private key operation, access is then allowed.
A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier's account is then debited with the disputed amount.
A numerical value that helps to check if the data transmitted is the same as the data stored and that the recipient has error-free data. It is often the sum of the numerical values of bits of digital data stored. This value should match the value at the recipient's end, and a mismatch in the value indicates an error.
A Chief Information Security Officer is a senior level executive of an organization entrusted with the responsibilities of protecting the information assets of the businesses and making sure that the information policies of the organization align with the objectives of the organization.
A Chief Security Officer is an executive of the company with assigned responsibility to protect assets such as infrastructure and personnel, including information in digital and physical form.
In cryptography, a cipher is an algorithm for performing encryption or decryption of code. This process encrypts data into code, or deciphers the code to a required key.
Cipher Text is data converted from plain text into code using an algorithm, making it unreadable without the key.
Ciphony is the process of enciphering audio information with the result of encrypted speech.
A claimant is the party who needs to be identified via an authentication protocol.
A policy that directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.
Clear Screen Policy is a policy that directs all computer users to ensure that the contents on screen are protected from prying eyes. The easiest way is to use a screen saver that engages either on request or after a specified short period of time.
Cleartext is data in ASCII format or data that is not coded or encrypted. All applications and machines support plain text.
The Clinger–Cohen Act (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is a 1996 United States federal law designed to improve the way the federal government acquires, uses and disposes of information technology (IT).
Cloud Computing is a platform that utilizes shared resources rather than a local server to access information. Information is stored on, and can be retrieved from, the cloud or internet. Cloud computing allows remote sharing of files and data and facilitates remote working, as long as users are connected to the internet.
A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones; however, there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.
A collision is a situation where two or more devices try to send requests or transmit data to the same device at the same time.
Common text is a series of requirements defined by the International Organization for Standardization, that are being incorporated in all management system International Standards as they are revised.
Compartmentalization is a technique of protecting confidential information by revealing it only to a few people, those who actually need to know the details to perform their job. Thus, by restricting access to information and data, the risk to business objectives is limited.
Compliance is the act of adhering to the set standards, rules, and laws of regulatory bodies and authorities. For example, in software, the installation process abides by the vendor license agreement.
A Compliance Document is a document detailing the actions required to comply or adhere to the set standards by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.
A compromise is the violation of the company's system security policy by an attacker. It can result in the modification, destruction or theft of data.
Computer crime refers to a form of illegal act involving electronic information and computer equipment.
Computer Forensics is the process of analyzing computer devices which are suspected of being involved in a crime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.
Computer fraud is a computer crime that an intruder commits to obtain money or something of value from a company. Computer fraud can involve the modification, destruction, theft or disclosure of data. Often, all traces of the crime are covered up.
Confidentiality ensures that rules are set that place restrictions on access to, or sharing of, information with the aim of preserving and protecting the privacy of the information.