covert security testing - Performed to simulate the threats that are associated with external adversaries. While the security staff has no knowledge of the covert test, the organization management is fully aware and consents to the test.
covert storage channel - A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a resource (for example, sectors on a disk) that is shared by two subjects at different security levels.
covert timing channel - A covert channel in which one process modulates its system resource (for example, CPU cycles), which is interpreted by a second process as some type of communication.
crossover error rate - The operating point of a biometric system at which the type I error rate (false rejection rate) equals the type II error rate (false acceptance rate); it is found by sweeping the match threshold. A lower crossover error rate indicates a more accurate system.
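The entry above describes the crossover point in words; the following added example (not part of the original glossary) shows how it is located in practice by sweeping a match threshold over genuine and impostor scores. The score lists are constructed for illustration and do not come from any real biometric system.

```python
"""Locate the crossover error rate (CER) by sweeping the match threshold.

Added illustration, not part of the original glossary. Match scores for
genuine and impostor attempts are constructed inline (no real biometric data).
Type I error = false rejection (a genuine user is rejected), type II error =
false acceptance (an impostor is accepted). The CER is the threshold where the
two rates are equal.
"""

# Constructed example scores in [0, 100]; higher means a closer match.
GENUINE_SCORES = [88, 92, 75, 81, 95, 67, 79, 90, 84, 71]
IMPOSTOR_SCORES = [35, 52, 61, 40, 70, 58, 45, 66, 30, 55]


def false_rejection_rate(genuine, threshold):
    """Type I error: fraction of genuine attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_acceptance_rate(impostor, threshold):
    """Type II error: fraction of impostor attempts scoring at or above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine, impostor):
    """(threshold, FRR, FAR) for every integer threshold spanning the observed scores."""
    lo = min(genuine + impostor)
    hi = max(genuine + impostor) + 1
    return [
        (t, false_rejection_rate(genuine, t), false_acceptance_rate(impostor, t))
        for t in range(lo, hi + 1)
    ]


def crossover_error_rate(genuine, impostor):
    """Return (threshold, error rate) where FRR and FAR are closest to equal.

    With discrete scores the two curves rarely meet exactly, so the CER is
    reported at the threshold minimising |FRR - FAR|; ties go to the lower
    threshold (fewer false rejections, which usually matters more to users).
    """
    best = min(
        error_curve(genuine, impostor),
        key=lambda row: (abs(row[1] - row[2]), row[0]),
    )
    threshold, frr, far = best
    return threshold, (frr + far) / 2


if __name__ == "__main__":
    for t, frr, far in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold={t:3d}  FRR={frr:.2f}  FAR={far:.2f}")
    print("crossover:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold trades false acceptances for false rejections; the printed sweep makes that trade-off visible, and the crossover is the single number usually quoted when comparing systems.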
cryptanalysis - The practice of breaking cryptosystems and algorithms used in encryption and decryption processes.
cryptography - The science of secret writing that enables storage and transmission of data in a form that is available only to the intended individuals.
cryptology - The study of cryptography and cryptanalysis.
cryptosystem - The hardware or software implementation of cryptography.
cryptovariable - The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message.
curie temperature - The temperature above which a ferromagnetic material loses its intrinsic magnetic alignment. Heating magnetic media past this point is one way to destroy the data it holds.
custodian - Responsible for protecting an asset that has value, while in the custodian's possession.
DAC - (Discretionary Access Control) - An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
data at rest - Data that resides in external or auxiliary storage devices such as hard disk drives, solid-state drives, or DVDs.
data classification - Assignments to data that indicate the level of availability, integrity, and confidentiality that is required for each type of information.
data custodian - An individual who is responsible for the maintenance and protection of the data. This role is usually filled by the IT department (often the network administrator). The duties include performing regular backups of the data, periodically validating the integrity of the data, restoring data from backup media, and fulfilling the requirements specified in the company's security policy, standards, and guidelines that pertain to information security and data protection.
Data Encryption Standard - Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).
data flow coverage - A test coverage criterion that requires sufficient test cases for each feasible data flow (each definition of a variable reaching one of its uses) to be executed at least once.
data in motion - Data that is moving between systems or components over a network, as distinct from data at rest or data in use. Also called data in transit.
data in transit - Data that is moving between systems or components over a network, as distinct from data at rest or data in use. Also called data in motion.
data in use - Data that temporarily resides in primary storage such as registers, caches, or RAM while the CPU is using it.
data loss prevention - The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
data mining - The analysis of the data held in data warehouses in order to produce new and useful information.
data owner - An entity that collects or creates PII.
data remanence - The residual physical representation of data that remains on storage media after an attempt to erase it. On magnetic media it is a measure of the magnetic flux density remaining after the applied magnetic force is removed, which is why degaussing aims to reduce it to a negligible level.
data subject - The individual human related to a set of personal data.
data warehousing - The process of combining data from multiple databases or data sources into a large data store for the purpose of providing more extensive information retrieval and data analysis.
database management system - A suite of application programs that typically manages large, structured sets of persistent data.
DBMS - (Database Management System) - A suite of application programs that typically manages large, structured sets of persistent data.
database shadowing - A mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy.
decision coverage - A test coverage criterion that requires every decision (branch) in the code to evaluate to both true and false at least once. Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.
declassification - An administrative decision or procedure to remove or reduce the security classification of information.
decryption - The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key that was used to do the original encryption.
dedicated security mode - The mode in which a system operates if all users have the clearance or authorization to access, and the need to know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements pertaining to this information.
defensible destruction - Eliminating data using a controlled, legally defensible, and regulatory compliant way.
degauss - Process that demagnetizes magnetic media so that a very low residue of magnetic induction is left on the media. Used to effectively erase data from media.
Delphi technique - A group decision method used to ensure that each member of a group gives an honest and anonymous opinion pertaining to the company's risks.
denial of service - Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.
DES - (Data Encryption Standard) - Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).
DevOps - The practice of incorporating developers and members of operations and quality assurance (QA) staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.
dial-up - The service whereby a computer terminal can use telephone lines, usually via a modem, to initiate and continue communication with another computer system.
dictionary attack - A form of attack in which an attacker tries a large list of likely values (a "dictionary" of common words, known passwords, and simple variations of them) to guess a secret, usually a password. Unlike a brute-force attack, it does not enumerate every possible value.
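To show what "likely values" means in practice, the added example below (not part of the original glossary) runs a small dictionary with common mangling rules against a salted PBKDF2 hash. The wordlist, salt, iteration count and target password are all constructed here; the hash is computed inside the block rather than taken from any real system.

```python
"""Dictionary attack against a salted password hash, with simple mangling rules.

Added illustration, not part of the original glossary. The wordlist, salt and
target password are constructed inline; the hash is computed in this block and
does not come from any real credential store.
"""
import hashlib
import hmac

# Constructed mini wordlist; a real attack uses millions of leaked passwords.
WORDLIST = ["password", "letmein", "welcome", "dragon", "summer", "qwerty"]


def mangle(word):
    """Return the base word plus common user variations:
    capitalisation, digit/year/punctuation suffixes and 'a' -> '@'."""
    variants = {word, word.capitalize(), word.upper()}
    for base in list(variants):
        for suffix in ("", "1", "123", "!", "2023", "2024"):
            variants.add(base + suffix)
        variants.add(base.replace("a", "@"))
    return sorted(variants)


def hash_password(password, salt, iterations):
    """Salted PBKDF2-HMAC-SHA256; the iteration count sets the cost per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack(target_hash, salt, iterations, wordlist):
    """Try every mangled candidate; return (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hmac.compare_digest(hash_password(candidate, salt, iterations), target_hash):
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    SALT = b"constructed-salt"      # constructed; real salts are random per user
    ITERATIONS = 1000               # deliberately low so the demo runs quickly
    target = hash_password("Summer2024", SALT, ITERATIONS)   # constructed target
    print(dictionary_attack(target, SALT, ITERATIONS, WORDLIST))
    strong = hash_password("correct horse battery staple", SALT, ITERATIONS)
    print(dictionary_attack(strong, SALT, ITERATIONS, WORDLIST))
```

The salt does not stop the attack; it only prevents one precomputed table from covering every user. What limits the attacker is the cost per guess, which is why real deployments use iteration counts in the hundreds of thousands rather than the 1000 used here.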
diffusion - Provided by mixing up the location of the plaintext throughout the ciphertext. The strongest algorithms exhibit a high degree of confusion and diffusion.
digital certificate - An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder
digital rights management - A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.
digital signature - An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
digital signatures - Provide authentication of the sender and integrity of the signed data, and support non-repudiation of origin, because only the holder of the private key could have produced the signature.
disaster recovery plan - A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities.
discretionary access control - An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
Distributed Network Protocol 3 - A communications protocol designed for use in SCADA systems, particularly those within the power sector, that does not include routing functionality.
DLP - (Data Loss Prevention) - The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
DNP3 - (Distributed Network Protocol 3) - A communications protocol designed for use in SCADA systems, particularly those within the power sector, that does not include routing functionality.