Index for glossary C
Captive Portal
A landing page that is shown whenever the user starts a new browser session on the wireless network from their client device.
Centralized Identity Management
A model of identity management in which the same identifier and credential are used by each service provider.
Certificate
An electronic document attesting to the binding of a public key to an individual or entity. It allows verification of the claim that a specific public key belongs to a specific individual. A certificate is issued and digitally signed by a trusted third party or Certification Authority.
Certification Authority
A trusted authority or party that digitally signs certificates in order to validate the identity of a person or party.
Certificate Management
A management mechanism that includes the tasks of storage, dissemination, publication, revocation and suspension of certificates.
Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a periodically issued list, digitally signed by the Certification Authority, of identified certificates that have been suspended or revoked prior to their expiration dates. It normally shows information such as the CRL issuer's name, the date of issue, and the serial numbers of the suspended or revoked certificates.
Certificate Server
A server which performs the certification process of public keys.
Challenge / Response
An authentication technique used by a system/server to authenticate a user. A server usually sends an unpredictable challenge (a set of numbers or letters) to the user, and the client/user will then compute a response using some special form of authentication token.
Ciphertext
Scrambled / cryptic content derived from plaintext using an encryption algorithm.
Client Authentication
It refers to the process in which a server verifies the identity of a client before allowing it to gain access.
Code Injection Attack
An attack technique that introduces code into a computer program or system to make it perform an unexpected action. The attack is usually accomplished by taking advantage of an unenforced or loosely implemented input validation process.
Common Criteria
Please see ISO/IEC 15408.
Companion Virus
A virus that creates a new program with the same file name as an existing program, but in a different place or with a different file type, so that typing the program's name on the command line causes the virus program to be executed instead of the original program.
Compromise
A violation of a security policy that may result in unauthorised access to a system, or in the disclosure or loss of sensitive information.
Computer Emergency Response Team (CERT)
An organisation that provides incident response services and publishes alerts about threats and vulnerabilities, as well as other information on computer and network security.
Confidentiality
The condition in which sensitive data is protected and disclosed to authorised parties only, e.g. assurance of privacy using encryption or other methods.
Control Objectives for Information and related Technology (COBIT)
The Control Objectives for Information and related Technology (COBIT) is a control framework that links IT initiatives to business requirements, organises IT activities into a generally accepted process model, identifies the major IT resources to be leveraged and defines the management control objectives to be considered.
Cracker
An individual with malicious intent who attempts to gain unauthorised access to others' systems.
Cross-certification
A condition in which two or more different certificate issuing authorities establish trust among themselves by issuing certificates that have the other authority as the subject of the certificate.
Cross Site Request Forgery
Cross site request forgery is an attack that forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker.
Cross Site Scripting
Cross site scripting is a flaw in web applications that allows the execution of scripts in the victim's browser to hijack user sessions, deface websites, and possibly introduce worms, etc.
Cryptography
Cryptography is the art of keeping messages secret by using different methods. It normally deals with all aspects of secure messaging, authentication, digital signatures, and electronic money. Cryptanalysis is the art of breaking these methods. Cryptology is the study of cryptography and cryptanalysis.
Cyclic Redundancy Code (CRC)
A CRC is a type of checksum. A checksum algorithm takes a file (or other string of bytes) and calculates from it a few bytes (the checksum) that depend on the entire file. The idea is that, if anything in the file changes, the checksum will change. CRC checksums are usually used to detect random, uncorrelated changes in files.