C - Definitions

  • cache poisoning

    Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.

  • CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

    A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.

  • cardholder data (CD)

    Cardholder data (CD) is any personally identifiable information (PII) associated with a person who has a credit or debit card.

  • cardholder data environment (CDE)

    A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data.

  • certificate authority (CA)

    A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates.

  • certificate revocation list (CRL)

    A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their actual or assigned expiration date.

  • Certified Cloud Security Professional (CCSP)

    Certified Cloud Security Professional (CCSP) is an International Information System Security Certification Consortium, or (ISC)², certification that covers cloud-based cybersecurity best practices.

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.

  • Certified Information Systems Auditor (CISA)

    Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.

  • Certified Information Systems Security Professional (CISSP)

    Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

  • challenge-response authentication

    In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs or activities.

  • CHAP (Challenge-Handshake Authentication Protocol)

    CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user.

  • checksum

    A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.

  • Chernobyl virus

    The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.

  • cipher

    In cryptography, a cipher is an algorithm for encrypting and decrypting data.

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block.

  • ciphertext feedback (CFB)

    In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

  • CISO as a service (vCISO, virtual CISO, fractional CISO)

    A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.

  • claims-based identity

    Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.

  • Class C2

    Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.

  • click fraud (pay-per-click fraud)

    Click fraud -- sometimes called 'pay-per-click fraud' -- is a type of fraud that artificially inflates traffic statistics for online advertisements.

  • cloaking

    Cloaking is a technique where a different version of web content is returned to users than to the search engine crawlers.

  • Cloud Controls Matrix

    The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

  • cloud security

    Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.

  • cloud security architecture

    Cloud security architecture is a security strategy designed around securing an organization's data and applications in the cloud.

  • cloud security posture management (CSPM)

    Cloud security posture management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud.

  • cloud workload protection

    Cloud workload protection is the safeguarding of workloads spread out across multiple cloud environments. Businesses that use public and private clouds can use cloud workload protection platforms to help defend themselves against cyber attacks.

  • COBIT

    COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.

  • Common Body of Knowledge (CBK)

    In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.

  • Common Vulnerabilities and Exposures (CVE)

    Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.

  • Common Vulnerability Scoring System (CVSS)

    The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software.

  • Common Weakness Enumeration (CWE)

    Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software...

  • communications security (COMSEC)

    Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred.

  • compliance as a service (CaaS)

    Compliance as a service (CaaS) is a cloud service that specifies how a managed service provider (MSP) helps an organization meet its regulatory compliance mandates.

  • computer cracker

    A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.

  • computer exploit

    A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.

  • computer forensics (cyber forensics)

    Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

  • Computer Fraud and Abuse Act (CFAA)

    The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization.

  • computer worm

    A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.

  • content filtering

    Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items.

  • continuous authentication

    Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.

  • cookie poisoning

    Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.

  • copyright

    Copyright is a legal term describing ownership and control of the rights to the use and distribution of certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs.

  • corporate governance

    Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled.

  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

    Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that is based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of operation.

  • credential theft

    Credential theft is a type of cybercrime that involves stealing a victim's proof of identity.

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.

  • cryptanalysis

    Cryptanalysis is the study of ciphertext, ciphers and cryptosystems to understand how they work and to find and improve techniques for defeating or weakening them.

  • crypto wallet (cryptocurrency wallet)

    A crypto wallet (cryptocurrency wallet) is software or hardware that enables users to store and use cryptocurrency.

  • cryptographic checksum

    Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.

  • cryptographic nonce

    A nonce is a random or semi-random number that is generated for a specific use.

  • cryptography

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.

  • cryptology

    Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.

  • cryptosystem

    A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely.

  • CSR (Certificate Signing Request)

    A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA).

  • CSSLP (Certified Secure Software Lifecycle Professional)

    CSSLP (Certified Secure Software Lifecycle Professional) is a certification from ISC2 that focuses on application security within the software development lifecycle (SDLC).

  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.

  • cyber attribution

    Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.

  • cyber espionage

    Cyber espionage (cyberespionage) is a type of cyber attack that malicious hackers carry out against a business or government entity.

  • cyber extortion

    Cyber extortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.

  • cyber hijacking

    Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.

  • cyber insurance

    Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract an entity can purchase to help reduce the financial risks associated with doing business online.

  • cybercrime

    Cybercrime is any criminal activity that involves a computer, network or networked device.

  • cybersecurity

    Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.

  • cybersecurity asset management (CSAM)

    Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections.

  • cyberstalking

    Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital means, such as social media, email, instant messaging (IM) or messages posted to a discussion group or forum.

  • cyberterrorism

    Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence.

  • cyberwarfare

    The generally accepted definition of cyberwarfare is a series of cyber attacks against a nation-state, causing it significant harm.

  • What is cyber hygiene and why is it important?

    Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.
