B. No matter what form of physical access control is used, a security guard or other monitoring

computer architecture An engineering discipline concerned with the construction of computing systems from the logical level.

computer crime Any crime that is perpetrated against or with the use of a computer.

Computer Fraud and Abuse Act A United States law written to exclusively cover computer crimes that cross state boundaries to avoid infringing upon states' rights.

Computer Security Act (CSA) of 1987 A United States law that mandates baseline security requirements for all federal agencies.

concentrator See repeater.

conclusive evidence Incontrovertible evidence that overrides all other forms of evidence.

concurrency A security mechanism that endeavors to make certain that the information stored in a database is always correct or at least has its integrity and availability protected. Concurrency uses a "lock" feature to allow an authorized user to make changes and then "unlocks" data elements only after all changes are complete.

confidential (1) A government/military classification used for data of a confidential nature. Unauthorized disclosure of confidential data will have noticeable effects and cause damage to national security. This classification is used for all data between secret and sensitive but unclassified classifications. (2) The highest level of commercial business/private sector classification. Used for data that is extremely sensitive and for internal use only. A significant negative impact could occur for the company if confidential data is disclosed.

confidentiality The assurance that information is protected from unauthorized disclosure and the defined level of secrecy is maintained throughout all subject-object interactions.

configuration management The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself.
confinement (or confinement property) The principle that allows a process only to read from and write to certain memory locations and resources. This is an alternate name for the * (star) Security Property of the Bell-LaPadula model.

confusion It occurs when the relationship between the plaintext and the key is complicated enough that an attacker can't just alter the plaintext and analyze the result in order to determine the key.

consistency One of the four required characteristics of all database transactions (the other three are atomicity, isolation, and durability). All transactions must begin operating in an environment that is consistent with all of the database's rules.

contamination The result of mixing of data with a different classification level and/or need-to-know requirement.

content-dependent access control A form of access control based on the contents or payload of an object.

context-dependent access control A form of access control based on the context or surroundings of an object.

continuity A goal an organization can accomplish by having plans and procedures to help mitigate the effects a disaster has on its continuing operations and to speed the return to normal operations.

contractual license agreement A written contract between the software vendor and the customer outlining the responsibilities of each.

control The use of access rules to limit a subject's access to an object.

controls gap The difference between total risk and residual risk.

Copper Distributed Data Interface (CDDI) Deployment of FDDI using twisted pair (i.e., copper) wires. Reduces the maximum segment length to 100 meters and is susceptible to interference.

copyright Law that guarantees the creators of "original works of authorship" protection against the unauthorized duplication of their work.

corrective access control An access control deployed to restore systems to normal after an unwanted or unauthorized activity has occurred.
Examples of corrective access controls include alarms, mantraps, and security policies.

corrective controls Instructions, procedures, or guidelines used to reverse the effects of an unwanted activity, such as attacks or errors.

countermeasures Actions taken to patch a vulnerability or secure a system against an attack. Countermeasures can include altering access controls, reconfiguring security settings, installing new security devices or mechanisms, adding or removing services, and so on.

coupling The level of interaction between objects. Lower coupling means less interaction. Lower coupling delivers better software design because objects are more independent. Lower coupling is easier to troubleshoot and update. Objects with low cohesion require lots of assistance from other objects to perform tasks and have high coupling.

covert channel The means by which data can be communicated outside of normal, expected, or detectable methods.

covert storage channel A channel that conveys information by writing data to a common storage area where another process can read it.

covert timing channel A channel that conveys information by altering the performance of a system component or modifying a resource's timing in a predictable manner. This is generally a more sophisticated method to covertly pass data and is very difficult to detect.