What is the most common and inexpensive form of physical access control device?

change control management See change management.

change management The means by which changes to an environment are logged and monitored in order to ensure that any change does not lead to reduced or compromised security.

checklist test A process in which copies of the disaster recovery checklists are distributed to the members of the disaster recovery team for their review.

Children’s Online Privacy Protection Act (COPPA) A law in the United States that places specific demands upon websites that cater to children or knowingly collect information from children.

chosen ciphertext attack An attack in which the attacker has the ability to decrypt chosen portions of the ciphertext message.

chosen plaintext attack An attack in which the attacker has the ability to encrypt plaintext messages of their choosing and then analyze the ciphertext output of the encryption algorithm.

CIA Triad The three essential security principles of confidentiality, integrity, and availability. All three must be properly addressed to establish a secure environment.

cipher A system that hides the true meaning of a message. Ciphers use a variety of techniques to alter and/or rearrange the characters or words of a message to achieve confidentiality.

Cipher Block Chaining (CBC) A process in which each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm.

Cipher Feedback (CFB) A mode in which the DES algorithm is used to encrypt the preceding block of ciphertext. This block is then XORed with the next block of plaintext to produce the next block of ciphertext.

ciphertext A message that has been encrypted for transmission.

civil laws Laws that form the bulk of the body of laws in the United States. They are designed to provide for an orderly society and govern matters that are not crimes but require an impartial arbiter to settle disputes between individuals and organizations.

Clark-Wilson model A model that employs limited interfaces or programs to control and maintain object integrity.

class In the context of object-oriented programming terminology and techniques, a collection of common methods from a set of objects that defines the behavior of those objects.

classification A label that is applied to a resource to indicate its sensitivity or value to an organization and therefore designate the level of security necessary to protect that resource.

classification level Another term for a security label. An assigned importance or value placed on objects and subjects.

clean (1) The act of removing a virus from a system and repairing the damage caused by the virus. (2) The act of removing data from a storage media for reuse in the same security environment.

clean power Nonfluctuating pure power.

clearing A method of sufficiently deleting media that will be reused in the same secured environment. Also known as overwriting.

click-wrap license agreement A software agreement in which the contract terms are either written on the software box or included in the software documentation. During the installation process, you are required to click a button indicating that you have read the terms of the agreement and agree to abide by them.

clipping level A threshold value used in violation analysis auditing. Crossing the clipping level triggers recording of relevant event data to an audit log.

closed-circuit television (CCTV) A security system using video cameras and video recording devices.

closed head system See wet pipe system.

clustering (or key clustering) A weakness in cryptography where a plaintext message generates identical ciphertext messages using the same algorithm but using different keys.

coaxial cable A cable with a center core of copper wire surrounded by a layer of insulation and then by a conductive braided shielding and finally encased in an insulation sheath. Coaxial cable is fairly resistant to EMI, has a low cost, and is easy to install.

code See cipher.

cohesive (or cohesiveness) An object is highly cohesive if it can perform a task with little or no help from other objects. Highly cohesive objects are not as dependent upon other objects as objects with lower cohesion. Objects with higher cohesion are often better. Highly cohesive objects perform tasks alone and have low coupling.

cognitive password A variant of the password authentication factor that asks a series of questions about facts or predefined responses that only the subject should know.

cold sites Standby facilities large enough to handle the processing load of an organization and with appropriate electrical and environmental support systems.

collision attack See birthday attack.

collusion An agreement between multiple people to perform an unauthorized or illegal action.

commercial business/private sector classification The security labels commonly employed on secure systems used by corporations. Common corporate or commercial security labels are confidential, proprietary, private, sensitive, and public.

Committed Information Rate (CIR) A contracted minimum guaranteed bandwidth allocation for a virtual circuit.