CISSP Practice

Accreditation is the official management decision given by a senior officer to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals, based on the implementation of an agreed-upon set of security controls. It is the administrative act of approving a computer system for use in a particular application. It is a statement that specifies the extent to which the security measures meet specifications. It does not imply a guarantee that the described system is impenetrable. It is an input to the security approval process. This is a management and preventive control.

Certification agent

The individual, group, or organization responsible for conducting a security certification.

Certification authority (CA)

(1) The entity in a public key infrastructure (PKI) that is responsible for issuing certificates and exacting compliance with a PKI policy. (2) A trusted entity that issues and revokes public key certificates to end entities and other CAs. CAs issue certificate revocation lists (CRLs) periodically, and post certificates and CRLs to a repository.

Certification authority facility

The collection of equipment, personnel, procedures, and buildings (offices) that are used by a CA to perform certificate issuance and revocation.

Certification practice statement (CPS)

A formal statement of the practices that a certification authority (CA) employs in issuing, suspending, revoking, and renewing certificates and in providing access to them, in accordance with specific requirements (i.e., requirements specified in the certificate policy, or requirements specified in a contract for services).

Chain-in-depth

Market analysis, performed as part of the supply chain strategy, that identifies alternative integrators/suppliers (level 1), the suppliers of those integrators/suppliers (level 2), the suppliers of the suppliers of the integrators/suppliers (level 3), and deeper levels, thus providing a supply chain-in-depth analysis.

Chain of custody

A process that tracks the movement of evidence through its collection, safeguarding, and analysis life cycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.

Chain of evidence

A process of recording that shows who obtained the evidence, where and when the evidence was obtained, who secured the evidence, where it was stored, and who had control or possession of the evidence. The chain of evidence ties to the rules of evidence and the chain of custody.

Chain of trust

A chain of trust requires that the organization establish and retain a level of confidence that each participating external service provider in the potentially complex consumer-provider relationship provides adequate protection for the services rendered to the organization.

Chained checksum

A checksum technique in which each checksum is computed as a function of both the data content and the previous checksum value, so that every checksum depends on all of the data that came before it. Altering, deleting, or reordering an earlier record therefore invalidates every checksum that follows.
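The following is an added example, not code from the book, showing how a chained checksum differs from a plain per-record checksum. The audit-trail records, the SHA-256 hash function, and the all-zero seed for the first link are assumptions chosen for the illustration.

```python
import hashlib

# Constructed sample records (not from the page): an append-only audit trail.
SAMPLE_RECORDS = [
    b"2024-05-01T10:00:00Z login alice ok",
    b"2024-05-01T10:05:12Z sudo alice /bin/bash",
    b"2024-05-01T10:07:40Z logout alice",
]

# Seed value for the first link; any fixed, agreed-upon value works (assumption).
SEED = b"\x00" * 32


def chained_checksums(records, seed=SEED):
    """Return one checksum per record. Each checksum is computed over the
    previous checksum AND the record content, so link i depends on records 0..i."""
    prev = seed
    out = []
    for rec in records:
        h = hashlib.sha256(prev + rec).digest()
        out.append(h)
        prev = h
    return out


def verify_chain(records, checksums, seed=SEED):
    """Recompute the chain against stored checksums. Return the index of the
    first link that fails to verify, or None if the whole chain is intact."""
    prev = seed
    for i, (rec, stored) in enumerate(zip(records, checksums)):
        expected = hashlib.sha256(prev + rec).digest()
        if expected != stored:
            return i
        prev = stored
    if len(records) != len(checksums):      # records appended or truncated
        return min(len(records), len(checksums))
    return None


def demo():
    """Exercise the three cases: intact, one record modified, one record deleted."""
    sums = chained_checksums(SAMPLE_RECORDS)
    intact = verify_chain(SAMPLE_RECORDS, sums)

    tampered = list(SAMPLE_RECORDS)
    tampered[1] = b"2024-05-01T10:05:12Z sudo bob /bin/bash"
    first_bad_after_edit = verify_chain(tampered, sums)

    deleted = SAMPLE_RECORDS[:1] + SAMPLE_RECORDS[2:]   # record 1 removed
    first_bad_after_delete = verify_chain(deleted, sums)
    return intact, first_bad_after_edit, first_bad_after_delete
```

A per-record checksum would flag only the edited record and would not notice a deletion at all; with the chain, the break shows up at the edited or missing position and every later checksum also changes, which is why chained checksums are used to protect log integrity.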

Challenge handshake authentication protocol (CHAP)

An authentication mechanism for point-to-point protocol (PPP) connections in which the user's password is never sent across the link; the client instead returns a one-way hash computed over the server's challenge and the shared secret. It uses a three-way handshake between the client and the server: the server sends a challenge, the client sends the hashed response, and the server replies with success or failure. The server may repeat the challenge at any time during the session.

Challenge-response

An authentication procedure that requires calculating a correct response to an unpredictable challenge.

Challenge-response protocol

An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a shared secret (often by hashing the challenge and secret together) to generate a response that is sent to the verifier. The verifier knows the shared secret and can independently compute the response and compare it with the response generated by the claimant. If the two are the same, the claimant is considered to have successfully authenticated. When the shared secret is a cryptographic key, such protocols are generally secure against eavesdroppers. When the shared secret is a password, an eavesdropper does not directly intercept the password itself, but the eavesdropper may be able to recover the password with an offline password guessing attack against the captured challenge and response.
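The following is an added example, not code from the book, that serves both the CHAP entry above and this one: it implements both sides of a CHAP-style challenge-response exchange using the RFC 1994 response computation (MD5 over the identifier, the secret, and the challenge), then runs the offline guessing attack the definition warns about from nothing more than the eavesdropped transcript. The shared secret, the candidate password list, and the class names are assumptions for the illustration.

```python
import hashlib
import hmac
import os

# Constructed secret and guess list (not from the page). The secret is a
# human-chosen password, which is exactly the weak case the definition describes.
SHARED_SECRET = b"Summer2024!"
DICTIONARY = [b"password", b"letmein", b"Summer2023!", b"Summer2024!", b"hunter2"]


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Verifier:
    """Server side: issues a fresh, unpredictable challenge and checks the answer."""

    def __init__(self, secret):
        self._secret = secret
        self._identifier = 0
        self._outstanding = None

    def challenge(self):
        self._identifier = (self._identifier + 1) & 0xFF
        chal = os.urandom(16)                  # nonce: random and never reused
        self._outstanding = (self._identifier, chal)
        return self._identifier, chal

    def check(self, identifier, response):
        if self._outstanding is None:          # nothing pending: a replay or stray answer
            return False
        ident, chal = self._outstanding
        self._outstanding = None               # one challenge, one answer
        if identifier != ident:
            return False
        expected = chap_response(ident, self._secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time compare


class Claimant:
    """Client side: proves knowledge of the secret without transmitting it."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, identifier, challenge):
        return identifier, chap_response(identifier, self._secret, challenge)


def run_handshake(secret_at_server, secret_at_client):
    """Three-way exchange: Challenge -> Response -> Success/Failure.
    Returns (success, transcript); the transcript is everything an eavesdropper sees."""
    server, client = Verifier(secret_at_server), Claimant(secret_at_client)
    ident, chal = server.challenge()
    ident2, resp = client.respond(ident, chal)
    ok = server.check(ident2, resp)
    return ok, (ident, chal, resp)


def offline_guess(transcript, candidates):
    """Eavesdropper's offline attack: push each candidate secret through the same
    hash until the captured response matches. No further interaction with the
    server is needed, so rate limiting does not help; only a secret too large to
    enumerate (a random key) does."""
    ident, chal, resp = transcript
    for guess in candidates:
        if chap_response(ident, guess, chal) == resp:
            return guess
    return None
```

Run `run_handshake(SHARED_SECRET, SHARED_SECRET)` and feed the returned transcript to `offline_guess(transcript, DICTIONARY)`: the password is recovered even though it never crossed the wire. Repeat with a 32-byte `os.urandom` key as the secret and the same attack finds nothing, which is the difference between the two cases in the definition.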

Channel scanning

Changing the channel being monitored by a wireless intrusion detection and prevention system.

Chatterbots

Bots that can talk (chat) with users, often presented through animated characters.

Check-digit

A check-digit calculation appends to a primary key or other data value one digit derived from the other digits, so that a mistyped value can be recognized on entry. It helps ensure that the primary key or data is entered correctly. This is a technical and detective control.
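The following is an added example, not code from the book, using the Luhn (mod 10) check digit, one common check-digit scheme, to show what the control does and does not catch. The sample numbers are constructed for the illustration; the function names are assumptions.

```python
def luhn_check_digit(body):
    """Compute the Luhn (mod 10) check digit for a string of decimal digits.
    Counting from the right, every digit that will sit in an even position once
    the check digit is appended is doubled (and reduced by 9 if it exceeds 9);
    the check digit is whatever brings the total to a multiple of 10."""
    if not body.isdigit():
        raise ValueError("check digit is defined over decimal digits only")
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number):
    """True if the last digit of `number` is the correct check digit for the rest."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == int(number[-1])


def undetected_errors(number):
    """Enumerate the two most common keying errors on a valid number, a single
    wrong digit and a swap of two adjacent digits, and return the ones the check
    digit does NOT catch as (kind, mutated_number) pairs."""
    misses = []
    digits = list(number)
    for i, ch in enumerate(digits):                     # single-digit substitution
        for repl in "0123456789":
            if repl != ch:
                m = digits[:]
                m[i] = repl
                if luhn_valid("".join(m)):
                    misses.append(("substitution", "".join(m)))
    for i in range(len(digits) - 1):                    # adjacent transposition
        if digits[i] != digits[i + 1]:
            m = digits[:]
            m[i], m[i + 1] = m[i + 1], m[i]
            if luhn_valid("".join(m)):
                misses.append(("transposition", "".join(m)))
    return misses
```

`luhn_check_digit("7992739871")` returns 3, so `luhn_valid("79927398713")` holds. `undetected_errors` on that number is empty: every single-digit typo and every adjacent swap is caught. On a number containing the digits 0 and 9 side by side, such as `"12345096"`, swapping them gives `"12345906"`, which also validates; that one blind spot is the known limitation of the mod 10 scheme, and it is why a check digit is a detective control against accidental keying errors, not protection against a deliberate change.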

Check-point
