change control management See change management. change management The means by which changes to an environment are logged and mon- itored in order to ensure that any change does not lead to reduced or compromised security. checklist test A process in which copies of the disaster recovery checklists are distributed to the members of the disaster recovery team for their review. Children’s Online Privacy Protection Act COPPA A law in the United States that places specific demands upon websites that cater to children or knowingly collect information from children. chosen ciphertext attack An attack in which the attacker has the ability to decrypt chosen portions of the ciphertext message. chosen plaintext attack An attack in which the attacker has the ability to encrypt plaintext messages of their choosing and then analyze the ciphertext output of the encryption algorithm. CIA Triad The three essential security principles of confidentiality, integrity, and availability. All three must be properly addressed to establish a secure environment. cipher A system that hides the true meaning of a message. Ciphers use a variety of techniques to alter andor rearrange the characters or words of a message to achieve confidentiality. Cipher Block Chaining CBC A process in which each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm. Cipher Feedback CFB A mode in which the DES algorithm is used to encrypt the preceding block of ciphertext. This block is then XORed with the next block of plaintext to produce the next block of ciphertext. ciphertext A message that has been encrypted for transmission. civil laws Laws that form the bulk of the body of laws in the United States. They are designed to provide for an orderly society and govern matters that are not crimes but require an impartial arbiter to settle disputes between individuals and organizations. Clark-Wilson model An model that employs limited interfaces or programs to control and maintain object integrity. class In the context of object-oriented programming terminology and techniques, a collection of common methods from a set of objects that defines the behavior of those objects. classification A label that is applied to a resource to indicate its sensitivity or value to an orga- nization and therefore designate the level of security necessary to protect that resource. classification level Another term for a security label. An assigned importance or value placed on objects and subjects.