Index for glossary C
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a human being. It is used to protect websites against bots by generating and grading tests that humans can pass but current computer programs cannot.
Centralised Identity Management
Centralised identity management is a model of identity management in which the same identifier and credential are used by each service provider.
Certification Authority (CA)
A trusted authority or party that issues and revokes digital certificates to a person or an organisation as proof of identity in an electronic transaction.
A management mechanism that includes the tasks of storage, dissemination, publication, revocation and suspension of certificates.
A server which performs the certification process of public keys.
Challenge / Response
An authentication technique used by a system/server to authenticate a user. A server usually sends an unpredictable challenge (a set of numbers or letters) to the user, and the client/user will then compute a response using some special form of authentication token.
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.
Scrambled / cryptic content derived from plaintext using an encryption algorithm.
Code Injection Attack
An attack technique to introduce code into a computer program or system to cause an unexpected action. The attack is usually accomplished by taking advantage of an un-enforced or loosely implemented input validation process.
A violation of a security policy in which unauthorised access to a system, or disclosure or loss of sensitive information, may result.
Confidentiality is the need to ensure that information is disclosed only to those who are authorised to view it.
Control Objectives for Information and related Technology (COBIT)
The Control Objectives for Information and related Technology (COBIT) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
An individual with malicious intent who attempts to gain unauthorised access to another's system.
A set of claims used to prove the identity of a client. They contain an identifier for the client and a proof of the client's identity, such as a password. They may also include information, such as a signature, to indicate that the issuer certifies the claims in the credential.
Cross Site Scripting
Cross site scripting is a flaw in a web application that allows the execution of scripts in the victim's browser to hijack user sessions, deface websites, and possibly introduce computer worms, etc.
Cryptography is the art of keeping messages secret by using different methods. It normally deals with all aspects of secure messaging, authentication, digital signatures, and electronic money.