Читаем CISSP Practice полностью

The process of reducing the number of bits required to represent some information, usually to reduce the time or cost of storing or transmitting it.

Compromise

The unauthorized disclosure, modification, substitution, or use of sensitive data (including keys, key metadata, and other security-related information) and loss of, or unauthorized intrusion into, an entity containing sensitive data and the conversion of a trusted entity to an adversary.

Compromise recording

Records and logs should be maintained so that if a compromise does occur, evidence of the attack is available to the organization in identifying and prosecuting attackers.

Compromised state

A cryptographic key life cycle state in which a key is designated as compromised and not used to apply cryptographic protection to data. Under certain circumstances, the key may be used to process already protected data.

Computer crime

Fraud, embezzlement, unauthorized access, and other “white collar” crimes committed with the aid of or directly involving a computer system and/or network.

Computer emergency response team coordination center (CERT/CC)

CERT/CC focuses on Internet security vulnerabilities, provides incident response services to websites that have been the victims of attack, publish security alerts, research security and survivability in wide-area-networked computing environments, and develops website security information. It issues security advisories, helps start incident response teams for user organizations, coordinates the efforts of teams when responding to large-scale incidents, provides training to incident handling staff, and researches the causes of security vulnerabilities.

Computer facility

Physical resources that include structures or parts of structures to house and support capabilities. For small computers, stand-alone systems, and word processing equipment, it is the physical area where the computer is used.

Computer forensic process life cycle

A computer forensic process life cycle consisting of four basic phases: collection, examination, analysis, and reporting.

Computer forensics

The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

Computer fraud

Computer-related crimes involving deliberate misrepresentation, alteration, or disclosure of data in order to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or cover-up of the act or series of acts. A computer system might have been involved through improper manipulation of input data; output or results; applications programs; data files; computer operations; communications; or computer hardware, systems software, or firmware.

Computer network

A complex consisting of two or more interconnected computers.

Computer security

Measures and controls that ensure confidentiality, integrity, and availability of IT assets, including hardware, software, firmware, and information being processed, stored, and communicated.

Computer security incident

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.

Computer security incident response team (CSIRT)

A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a computer incident response team (CIRT), a computer incident response center (CIRC), or a computer incident response capability (CIRC).

Computer virus

A computer virus is similar to a Trojan horse because it is a program that contains hidden code, which usually performs some unwanted function as a side effect. The main difference between a virus and a Trojan horse is that the hidden code in a computer virus can only replicate by attaching a copy of itself to other programs and may also include an additional “payload” that triggers when specific conditions are met.

Concentrators

Concentrators gather together several lines in one central location, and are the foundation of a FDDI network and are attached directly to the FDDI dual ring.

Concept of operations

It is a computer operations plan consisting of only one document, where it will describes the scope of entire operational activities.

Confidentiality