CISSP Official Practice Tests by Mike Chapple, David Seidl

464 code testing methods – custodians


cookies, 450
COPPA (Children’s Online Privacy Protection Act), 18, 255, 324, 430
copyright law, 241, 279, 321
cordless phones, 94
corporate espionage, 173
coupling, 393
coverage criteria, validating code testing, 138
covert timing channel, 74, 182, 346, 395
CPE (Common Platform Enumeration), 378
create rule, 430
credential management, 435, 444
credit card information, 8, 34
CRL (Certificate Revocation List), 271
CRM (customer relationship management),
cloud and, 156
cross-site request forgery, 196–197, 403
crosstalk, 357
cryptography, 228, 251–252
asymmetric cryptosystems, 55–56, 74,
339, 345
authentication and, 65
ciphers, 67
decrypting, plaintext, 67
devices, 57
Fair Cryptosystems approach, 60, 341
hash functions, 58
Kerckhoff’s principle, 340
keys, 207, 242, 249, 442
nonrepudiation, 270
protocols, 66
steganography, 212, 342, 410
symmetric cryptosystems, 58, 281
system design, 244
crystal box penetration testing, 418
CSIRT (computer security incident response team), 158, 384, 440
CSMA/CD (Carrier-Sense Multiple Access with Collision Detection), 355
CSRF (cross-site request forgery), 393
CTR (Counter), 405
CUI (Controlled Unclassified Information)
classification, 452
custodians, 328

Fagan inspection, 144
formal, 311
manual, 380
non-human, 142
request for proposal, 148
structural coverage, 226
code testing methods, 189, 400
code word, 174
cognitive password, 262, 301, 433, 451
cohesion, 393
cold sites, 386
collection phase, 414
collision detection, jam signals, 97
collision domain, 348
Common Criteria
EAL1 evaluation assurance level, 61
EAL2 evaluation assurance level, 220
security requirements, 58, 302
communication and network security,
answers, 347–358
communications systems, 202, 298
community cloud computing model, 421
compensation controls, 423
compiled languages, 448
complexity, 267
compliance, workstations, 36
composition theory, 73
Computer Fraud and Abuse Act, 15, 442
Computer Security Act of 1987, 13, 322
computers, 261
concentrators, 350
confidence levels, 181
confidentiality, 16, 323, 452
configuration control, 454
confinement limits, 72
connections, speed, 86
consistency, 397, 403, 406
constrained user interfaces, 218, 358, 360, 412
context-dependent control, 360
continuity planning, 4
control flow graphs, 307
control objective framework, 16
controls, 4, 5, 17, 54, 202