Which of the following does not need to be true in order to maintain the most efficient and

C

cache RAM: A process that takes data from slower devices and temporarily stores it in higher-performance devices when its repeated use is expected.

campus area network (CAN): A network that spans a college, university, or a multi-building office complex.

capabilities list: A list that maintains a row of security attributes for each controlled object. Although not as flexible as the token approach, capabilities lists generally offer quicker lookups when a subject requests access to an object.

capability list: Each row of an access control matrix is a capability list. A capability list is tied to the subject; it lists valid actions that can be taken on each object.

cardinality: The number of rows in a relational database.

cell suppression: The act of suppressing or hiding individual data items inside a database to prevent aggregation or inference attacks.

centralized access control: Method of control in which all authorization verification is performed by a single entity within a system.

centralized alarm system: An alarm system that signals a remote or centralized monitoring station when the alarm is triggered.

certificate authority: An agency that authenticates and distributes digital certificates.

certificate revocation list (CRL): The list of certificates that have been revoked by a certificate authority before the lifetimes of the certificates have expired.

certificates: Endorsed copies of an individual’s public key that verify their identity.

certification: The comprehensive evaluation, made in support of the accreditation process, of the technical and nontechnical security features of an IT system and other safeguards to establish the extent to which a particular design and implementation meets a set of specified security requirements.

chain of evidence: The process by which an object is uniquely identified in a court of law.

Challenge Handshake Authentication Protocol (CHAP): One of the authentication protocols used over PPP links. CHAP encrypts usernames and passwords.

challenge-response token: A token device that generates passwords or responses based on instructions from the authentication system. The authentication system displays a challenge in the form of a code or pass phrase. This challenge is entered into the token device. The token generates a response based on the challenge, and then the response is entered into the system for authentication.

change control: See change management.

change control management: See change management.

change management: The means by which changes to an environment are logged and monitored in order to ensure that any change does not lead to reduced or compromised security.

checklist test: A process in which copies of the disaster recovery checklists are distributed to the members of the disaster recovery team for their review.

Children’s Online Privacy Protection Act (COPPA): A law in the United States that places specific demands upon websites that cater to children or knowingly collect information from children.

chosen ciphertext attack: An attack in which the attacker has the ability to decrypt chosen portions of the ciphertext message.

chosen plaintext attack: An attack in which the attacker has the ability to encrypt plaintext messages of their choosing and then analyze the ciphertext output of the encryption algorithm.

CIA Triad: The three essential security principles of confidentiality, integrity, and availability. All three must be properly addressed to establish a secure environment.

cipher: A system that hides the true meaning of a message. Ciphers use a variety of techniques to alter and/or rearrange the characters or words of a message to achieve confidentiality.

Cipher Block Chaining (CBC): A process in which each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm.

Cipher Feedback (CFB): A mode in which the DES algorithm is used to encrypt the preceding block of ciphertext. This block is then XORed with the next block of plaintext to produce the next block of ciphertext.

ciphertext: A message that has been encrypted for transmission.

civil laws: Laws that form the bulk of the body of laws in the United States. They are designed to provide for an orderly society and govern matters that are not crimes but require an impartial arbiter to settle disputes between individuals and organizations.

Clark-Wilson model: A model that employs limited interfaces or programs to control and maintain object integrity.

class: In the context of object-oriented programming terminology and techniques, a collection of common methods from a set of objects that defines the behavior of those objects.

classification: A label that is applied to a resource to indicate its sensitivity or value to an organization and therefore designate the level of security necessary to protect that resource.

classification level: Another term for a security label. An assigned importance or value placed on objects and subjects.