C - Definitions

  • cable modem

    A cable modem is a device that enables you to hook up your PC to a local cable TV line and receive data at about 1.5 Mbps.

  • cache cramming

    Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

  • cache poisoning (DNS poisoning, web cache poisoning)

    Cache poisoning is an attack vector that exploits the way domain name system (DNS) clients and web servers improve performance by saving old responses for a specified period of time in a temporary storage area called cache.

  • CALEA (Communications Assistance for Law Enforcement Act)

    CALEA (Communications Assistance for Law Enforcement Act) is a United States federal law that enables the government to intercept wire and electronic communications and call-identifying information under certain circumstances -- in particular, when it is necessary in order to protect national security.

  • CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

    A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a type of challenge-response system designed to differentiate humans from robotic software programs.

  • capture

    Capture is the process or means of obtaining and storing external data, particularly images or sounds, for use at a later time.

  • card-not-present fraud (card-not-present transaction)

    Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.

  • cardholder data (CD)

    Cardholder data (CD) refers to the primary account number (PAN) of a payment card belonging to a cardholder, along with any of the following data types: cardholder name, expiration date or service code (a three- or four-digit number coded onto the magnetic-stripe that specifies acceptance requirements and limitations for a magnetic-stripe-read transaction).

  • cardholder data environment (CDE)

    A cardholder data environment or CDE is a computer system or networked group of IT systems that processes, stores and/or transmits cardholder data or sensitive payment authentication data, as well as any component that directly connects to or supports this network.

  • Carnivore

    Carnivore was an Internet surveillance system developed for the U.S. Federal Bureau of Investigation (FBI) so that they could monitor the electronic transmissions of criminal suspects. Critics, however, charged that Carnivore did not include appropriate safeguards to prevent misuse and might violate the constitutional rights of the individual. The Electronic Privacy Information Center (EPIC) reported in early 2005 that the FBI had replaced Carnivore with other unspecified surveillance software from commercial sources. Such software usually includes a packet sniffer.

  • CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

    Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs), particularly those using WiMax technology...

  • certificate authority (CA)

    A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.

  • Certificate Revocation List (CRL)

    A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority and should not be trusted. Web browsers use CRLs to determine whether a website's digital certificate is still valid and trustworthy.

  • Certified Cloud Security Professional (CCSP)

    The Certified Cloud Security Professional (CCSP) certification is intended for experienced IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of the six CCSP domains.

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.

  • Certified Information Systems Auditor (CISA)

    Certified Information Systems Auditor (CISA) is a certification issued by ISACA to people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected; the certification is presented after completion of a comprehensive testing and application process.

  • Certified Information Systems Security Professional (CISSP)

    Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

  • chaffing and winnowing

    Chaffing and winnowing are dual components of a privacy-enhancement scheme that does not require encryption.

  • challenge-response authentication

    In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.

  • Chameleon Card

    The Chameleon Card is a programmable card in development at Chameleon Network that can represent each of the owner's credit, debit, and customer cards as required, making it unnecessary to carry all of the aforementioned.

  • CHAP (Challenge-Handshake Authentication Protocol)

    CHAP (Challenge-Handshake Authentication Protocol) is a more secure procedure for connecting to a system than the Password Authentication Procedure (PAP).

  • checksum

    A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.

  • Chernobyl virus

    The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.

  • cipher

    In cryptology, the discipline concerned with the study of cryptographic algorithms, a cipher is an algorithm for encrypting and decrypting data.

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block).

  • ciphertext feedback (CFB)

    Ciphertext feedback (CFB) is a mode of operation for a block cipher. In contrast to the cipher block chaining (CBC) mode, which encrypts a set number of bits of plaintext at a time, it is at times desirable to encrypt and transfer some plaintext values instantly one at a time, for which ciphertext feedback is a method.

  • Cisco Certified Security Professional (CCSP)

    A Cisco Certified Security Professional (CCSP) is an IT (Information Technology) professional who has received formal training from Cisco Systems in network-related security hardware, software and management...

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

  • claims-based identity

    Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.

  • Class C2

    Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.

  • click fraud (pay-per-click fraud)

    Click fraud (sometimes called pay-per-click fraud) is the practice of artificially inflating traffic statistics for online advertisements.

  • cloaking

    Cloaking is the masking of the sender's name and address in an e-mail note or distribution.

  • COBIT

    COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management best practices.

  • cocooning

    Cocooning is the act of insulating or hiding oneself from the normal social environment, which may be perceived as distracting, unfriendly, dangerous, or otherwise unwelcome, at least for the present.

  • cold boot attack

    A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.

  • Common Body of Knowledge (CBK)

    In security, Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.

  • Common Vulnerabilities and Exposures (CVE)

    Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.

  • Common Weakness Enumeration (CWE)

    Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software...

  • computer exploit

    A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.

  • computer forensics (cyber forensics)

    Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

  • conditional access (CA)

    Conditional access (CA) is a technology used to control access to digital television (DTV) services to authorized users by encrypting the transmitted programming.

  • content filtering (information filtering)

    On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable.

  • Content Scrambling System (CSS)

    Content Scrambling System (CSS) is a data encryption and authentication method used to protect digital versatile disk (DVD) movies from being illegally copied, distributed, and viewed from other devices, such as computer hard drives.

  • context-aware security

    Context-aware security is the use of situational information (such as identity, location, time of day or type of endpoint device) to improve information security decisions.

  • continuous authentication

    Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.

  • cookie poisoning

    On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft.

  • copyright

    Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative expression, including books, video, movies, music and computer programs.

  • counterfeit detector pen

    A counterfeit detector pen is a felt tip pen containing an iodine solution that can be used to help identify computer-generated counterfeit bills.

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

  • CRAM (challenge-response authentication mechanism)

    CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).

  • Crash Course: Spyware

    In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge.

  • crimeware

    Crimeware is programming that is designed to facilitate illegal online activity. The use of crimeware is primarily financially motivated.

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites.

  • cryptanalysis

    Cryptanalysis is the study of ciphertext, ciphers and cryptosystems with the aim of understanding how they work and finding and improving techniques for defeating or weakening them.

  • crypto

    Depending on its usage, crypto can be a short form for cryptography or for encryption.

  • cryptographic checksum

    A cryptographic checksum is a mathematical value (called a checksum) that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed.

  • cryptography

    Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.

  • cryptology

    Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.

  • cryptoperiod (key lifetime or a validity period)

    A cryptoperiod (sometimes called a key lifetime or a validity period) is a specific time span during which a cryptographic key setting remains in effect.

  • cryptosystem

    A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely.

  • CSR (Certificate Signing Request)

    A Certificate Signing Request or CSR is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA) validating the information required by the CA in order for it to issue a certificate.

  • CSSLP (certified secure software lifecycle professional)

    The CSSLP (certified secure software lifecycle professional) is a certification for security professionals who wish to strengthen and demonstrate their knowledge about application security.

  • cut-and-paste attack

    A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed.

  • CVSS (Common Vulnerability Scoring System)

    The CVSS (Common Vulnerability Scoring System) rates the severity of software vulnerabilities so organizations are able to prioritize mitigation.

  • cyber attribution

    Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real attack of similar magnitude...

  • cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • cyberextortion

    Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.

  • cybersecurity insurance (cybersecurity liability insurance)

    Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.

  • cyberstalking

    Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group.

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

  • cyberwarfare

    Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state.

  • cypherpunk

    Cypherpunk, a term that appeared in Eric Hughes' "A Cypherpunk's Manifesto" in 1993, combines the ideas of cyberpunk, the spirit of individualism in cyberspace, with the use of strong encryption (ciphertext is encrypted text) to preserve privacy.

  • What is cybersecurity? Everything you need to know

    Cybersecurity is the protection of internet-connected systems -- including hardware, software and data -- from cyberattacks.
