Common Body of Knowledge CBK The areas of information prescribed by ISC 2 as the source of knowledge for the CISSP exam. common mode noise Electromagnetic interference EMI noise generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment. Common Object Request Broker Architecture CORBA An international standard for dis- tributed computing. CORBA enables code operating on a computer to locate resources located elsewhere on the network. companion virus A variation of the file infector virus. A companion virus is a self-contained executable file that escapes detection by using a filename similar to, but slightly different from, a legitimate operating system file. compartmented A type of MAC environment. Compartmentalized or compartmented envi- ronments have no relationship between one security domain and another. To gain access to an object, the subject must have the exact specific clearance for that object’s security domain. compartmented mode See compartmented security mode. compartmented mode workstations A computer system in which all users have the same clearance. The concept of need-to-know is used to control access to sensitive data and the system is able to process data from multiple sensitivity levels at the same time. compartmented security mode A security mode in which systems process two or more types of compartmented information. All system users must have an appropriate clearance to access all information processed by the system but do not necessarily have a need to know all of the information in the system. compensation access control A type of access control that provides various options to other existing controls to aid in the enforcement and support of a security policy. competent A distinction of evidence that means that the evidence must be obtained legally. Evidence that results from an illegal search would be inadmissible because it is not competent. compiled languages A computer language that is converted into machine language before distribution or execution. compliance checking The process by which it is ensured that all of the necessary and required elements of a security solution are properly deployed and functioning as expected. compliance testing Another common usage of auditing. Verification that a system complies with laws, regulations, baselines, guidelines, standards, and policies is an important part of maintaining security in any environment. Component Object Model COM Microsoft’s standard for the use of components within a process or between processes running on the same system. compromise If system security has been broken, the system is considered compromised. computer architecture An engineering discipline concerned with the construction of com- puting systems from the logical level. computer crime Any crime that is perpetrated against or with the use of a computer. Computer Fraud and Abuse Act A United States law written to exclusively cover computer crimes that cross state boundaries to avoid infringing upon states’ rights. Computer Security Act CSA of 1987 A United States law that mandates baseline security requirements for all federal agencies. concentrator See repeater. conclusive evidence Incontrovertible evidence that overrides all other forms of evidence. concurrency A security mechanism that endeavors to make certain that the information stored in a database is always correct or at least has its integrity and availability protected. Con- currency uses a “lock” feature to allow an authorized user to make changes and then “unlocks” data elements only after all changes are complete. confidential 1 A governmentmilitary classification used for data of a confidential nature. Unauthorized disclosure of confidential data will have noticeable effects and cause damage to national security. This classification is used for all data between secret and sensitive but unclas- sified classifications. 2 The highest level of commercial businessprivate sector classification. Used for data that is extremely sensitive and for internal use only. A significant negative impact could occur for the company if confidential data is disclosed. confidentiality The assurance that information is protected from unauthorized disclosure and the defined level of secrecy is maintained throughout all subject-object interactions. configuration management The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself. confinement or confinement property The principle that allows a process only to read from and write to certain memory locations and resources. This is an alternate name for the star Security Property of the Bell-LaPadula model. confusion It occurs when the relationship between the plaintext and the key is complicated enough that an attacker can’t just alter the plaintext and analyze the result in order to determine the key. consistency One of the four required characteristics of all database transactions the other three are atomicity, isolation, and durability. All transactions must begin operating in an envi- ronment that is consistent with all of the database’s rules. contamination The result of mixing of data with a different classification level andor need- to-know requirement.