Читаем CISSP Practice полностью

A determination that information requires a specific degree of protection against unauthorized disclosure together with a designation signifying that such a determination has been made.

Classification level

It is the security level of an object.

Classified information

Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

CleanRoom development approach

A radical departure from the traditional waterfall software development approach. The entire team of designers, programmers, testers, documenters, and customers is involved throughout the system development lifecycle. The project team reviews the programming code as it develops it, and the code is certified incrementally. There is no need for unit testing due to code certification, but the system testing and integration testing are still needed.

Clearance level

It is the security level of a subject.

Clearing

The overwriting of classified information on magnetic media such that the media may be reused. This does not lower the classification level of the media. Note: Volatile memory can be cleared by removing power to the unit for a minimum of 1 minute.

Click fraud

Deceptions and scams that inflate advertising bills with improper charge per click in an online advertisement on the Web.

Client (application)

A system entity, usually a computer process acting on behalf of a human user that makes use of a service provided by a server.

Client/server architecture

An architecture consisting of server programs that await and fulfill requests from client programs on the same or another computer.

Client/server authentication

The secure sockets layer (SSL) and transport layer security (TLS) provide client and server authentication and encryption of Web communications.

Client/server model

The client-server model states that a client (user), whether a person or a computer program, may access authorized services from a server (host) connected anywhere on the distributed computer system. The services provided include database access, data transport, data processing, printing, graphics, electronic mail, word processing, or any other service available on the system. These services may be provided by a remote mainframe using long-haul communications or within the user’s workstation in real-time or delayed (batch) transaction mode. Such an open access model is required to permit true horizontal and vertical integration.

Client-side scripts

The client-side scripts such as JavaScript, JavaApplets, and Active-X controls are used to generate dynamic Web pages.

Cloning

The practice of re-programming a phone with a mobile identification number and an electronic serial number pair from another phone.

Close-in attacks

They consist of a regular type of individual attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry, open access, or both.

Closed-circuit television

Closed-circuit television (CCTV) can be used to record the movement of people in and out of the data center or other sensitive work areas. The film taken by the CCTV can be used as evidence in legal investigations.

Closed security environment

Refers to an environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system life cycle. Closed security is based upon a system’s developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.

Cloud computing

It is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics (i.e., on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service), three service models (i.e., cloud software as a service, cloud platform as a service, and cloud infrastructure as a service), and four deployment models (i.e., private cloud, community cloud, public cloud, and hybrid cloud).

Cluster computing