C
Cache: Pronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.
Categorize: The second step of the NIST RMF that is used to develop risk management processes and tasks.
Categorize: The second step of the NIST RMF that is used to develop risk.
CentOS: An open-source distribution that is closely related to Red Hat.
Central Processing Unit (CPU): A computer’s main processor, which is used to perform general computing tasks on a computer.
Chain of Custody: Chain of Custody is the important application of the Federal rules of evidence and its handling.
Checksum: A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.
Chronicle: A cloud-native tool designed to retain, analyze, and search data.
Cipher: A cryptographic algorithm for encryption and decryption.
Client: A system entity that requests and uses a service provided by another system entity, called a “server.” In some cases, the server may itself be a client of some other server.
Cloud Computing: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud Network: A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet.
Cloud Security: The process of ensuring that assets stored in the cloud are properly secured.
Cloud-based Firewalls: Software firewalls that are hosted by the cloud service provider.
Command and Control (C2): The techniques used by malicious actors to maintain
Command: An instruction telling the computer to do something
Command-line interface (CLI): A text-based user interface that uses commands to interact with the computer.
Comment: A note programmers make about the intention behind their code
Common Event Format (CEF): A log format that uses key-value pairs to structure
Common Vulnerabilities and Exposures (CVE®) list: An openly accessible dictionary
Common Vulnerability Scoring System (CVSS): A measurement system that scores
Compliance: The process of adhering to internal standards and external regulations
Computer Emergency Response Team (CERT): An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Computer Network: A collection of host computers together with the sub-network or inter-network through which they can exchange data.
Computer Security Incident Response Teams (CSIRT): A specialized group of
Computer Virus: Malicious code written to interfere with computer operations and
Conditional Statement: A statement that evaluates code to determine if it meets a
Confidential Data: Data that often has limits on the number of people who have
Confidentiality: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
Confidentiality, Integrity, Availability (CIA) Triad: A model that helps inform how organizations consider risk when setting up systems and security policies
Confidentiality: The idea that only authorized users can access specific assets or data
Confidentiality: The idea that only authorized users can access specific assets or data
Configuration File: A file used to configure the settings of an application
Configuration Management: Establish a known baseline condition and manage it.
Containment: The act of limiting and preventing additional damage caused by an
Controlled zone: A subnet that protects the internal network from the uncontrolled zone
Cookie: Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.
Corruption: A threat action that undesirably alters system operation by adversely modifying system functions or data.
Cost Benefit Analysis: A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.
Countermeasure: Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders form gaining further access to a computer network. Other counter measures are patches, access control lists and malware filters.
Crimeware: A type of malware used by cyber criminals. The malware is designed to enable the cyber criminal to make money off of the infected system (such as harvesting key strokes, using the infected systems to launch Denial of Service Attacks, etc.).
Critical Infrastructure: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
Crossover Cable: A crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.
Cross-Site Scripting (XSS): An injection attack that inserts code into a vulnerable
Crowdsourcing: The practice of gathering information using public input and
cryptocurrencies
Cryptographic Attack: An attack that affects secure forms of communication
Cryptographic Key: A mechanism that decrypts ciphertext
Cryptography: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
Cryptojacking: A form of malware that installs software to illegally mine
CVE Numbering Authority (CNA): An organization that volunteers to analyze and
Cyber Exercise: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.
Cyber Security: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Cyber Threat Intelligence (CTI): The collecting, processing, organizing, and analyzing data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain to meet a specific requirement determined by and informing decision-makers.
Cybersecurity (or Security): The practice of ensuring confidentiality, integrity, and cybersecurity threats.
