CPM Dictionary: C
Cache: 1) High-speed storage subsystem that can be either
a reserved section of main memory or an independent high-speed storage device;
in personal computers there are memory caching and disk caching; 2) a pre-determined
complement of tools, equipment and/or supplies stored in a designated location,
available for incident use
Cache Cramming: Tricking a browser to run cached Java code from a local disk,
instead of the Internet zone, so it runs with less restrictive permissions
Cache Poisoning: Malicious or misleading data from a remote name server is saved
[cached] by another name server; typically used with DNS cache poisoning attacks
California Specialized Training Institute (CSTI): One of the earliest and most
comprehensive national emergency management training centers, located in San
Luis Obispo, CA
Calling Tree: A graphic representation (typically a structured cascade) of calling
responsibilities and the calling order used to contact management, employees,
customers, vendors, and other key contacts in the event of an emergency, disaster,
or severe outage situation
Call Back: Authenticating a remote terminal, where the host system disconnects
the caller and then dials the authorized telephone number of the remote terminal
to reestablish the connection. See also Dial Back
Call Center Recovery: Process of recovering and restarting incoming call handling
operations at an alternate location; can also be implemented using a “virtual”
call center that uses Internet connections so that agents can work from their
homes or another location
Call Tree Cascade Test: An exercise designed to validate the currency of contact
lists and the list maintenance process
Camp: Geographical site, within a general incident area, separate from the Incident
Base, equipped and staffed to provide sleeping, food, water, and sanitary services
to incident personnel
Campus: Set of buildings that are geographically grouped together
Canvas: The window in which hosts and other drawing objects, representing a
network scheme, are placed
Capability: Protected identifier that both identifies the object and specifies
access rights to be allowed to the accessor who possesses the capability
Capability Maturity Model for Software (CMM or SW-CMM): A model for judging
the maturity of an organization’s software processes and for identifying
key practices required to increase process maturity
Captured Attack Sessions: A record of any network session that contains an attack
signature
Carrier: Person or animal that harbors a specific infectious agent in the absence
of discernible clinical disease and serves as a potential source of infection
Cascade System: A system in which one person or organization calls out/contacts
others who in turn initiate further call-outs/contacts as necessary. See also
Contact List, Call Tree and Reverse Cascade System
Case: In epidemiology, a person in a population or study group identified as
having a particular disease, health disorder, or condition under investigation.
See also Index Case
Case Definition: Diagnostic criteria that must be fulfilled to identify a person
as a case of a particular disease; can be based on clinical, laboratory, or
combined clinical and laboratory criteria, or a scoring system with points for
each criterion that matches the features of the disease. See also Case
Case Fatality Rate: The proportion of cases of a specified condition that is
fatal within a specified time. See also Case; Fatality Rate
Case-Finding: Standard procedure in control of certain contagious diseases,
e.g., tuberculosis, plague, smallpox, whereby diligent efforts are made to locate
and treat persons who have had close or intimate contact with a known case.
See also Case
Case, Index: See also Index Case
Case-Sensitive: Distinction between lowercase and uppercase characters
Casualty: Person injured and needing medical treatment or killed because of
man-made or natural disasters
Casualty Bureau: The central police-controlled contact and information point
for all records and data relating to casualties and fatalities
Casualty Clearing Station: Collecting point for victims located in the immediate
vicinity of a disaster site where triage and medical treatment can be provided
Casualty Services: Professional medical help, hospital, and ambulance for collecting
and treating casualties
Catastrophe: Occurs when a disaster's effects are widespread
and its impact is so great that it overwhelms a community's ability to function;
can have an unusually high number of deaths, injuries, or property damage, or
is large enough to constitute a disaster to a whole region
Catastrophic Disaster: Event or incident which produces
severe and widespread damages of such a magnitude as to result in the requirement
for significant resources from outside the affected area to provide the necessary
response. For example, whether a given earthquake qualifies as a catastrophic
disaster depends on the combined effect of geological parameters (e.g., magnitude,
duration, type of earth movement, etc.); environmental parameters (e.g., location,
time of occurrence, existing weather conditions, etc.); sociological parameters
(e.g., preparedness of the population, warning, enhanced building construction,
etc.); and destructive parameters (e.g., building damage and collapse, damage
to infrastructure and systems, etc.)
Catastrophic Disaster Response Group (CDRG): Group of representatives at the
national level from Federal departments and agencies; principal role is a centralized,
liaison coordinating group available at the call of the chairperson whose members
have timely access to the appropriate policy makers in their respective parent
organizations to facilitate decisions on problems and policy issues, should
they arise.
Catchment Area: Region from which the clients of a particular health facility
are drawn. See also Community
Category: Restrictive label that has been applied to classified or unclassified
data as a means of increasing the protection of the data and further restricting
access to the data
Cell: Unit of data transmitted over an ATM (asynchronous transfer mode) network
Central Holding Area: A location where ambulances leave to pick patients up
from the casualty clearing station, or deliver patients to neighboring hospitals
according to a victim distribution plan
CERT: Computer Emergency Response Team, established at the Software Engineering
Institute (SEI) of Carnegie-Mellon University after the 1988 Internet worm attack
Certificate: Digitally signed statement that contains information about an entity
and the entity's public key
Certificate Authority-Signed SSL: Type of SSL that provides authentication and
data encryption through a certificate that is digitally signed by a certificate
authority
Certificate-Based Authentication: Use of SSL and certificates to authenticate
and encrypt HTTP traffic
Certificate Revocation List (CRL): Document maintained and published by a certification
authority (CA) that lists certificates issued by the CA that are no longer valid
Certificate Store: Database containing security certificates
Certification: Comprehensive evaluation of technical and non-technical security
features of a system and other safeguards, made in support of an accreditation
process that establishes the extent to which a particular design and implementation
meet a specified set of security requirements
Certification Authority (CA): Central authority for key management in an overall
system for the use of asymmetric encryption known as a public key infrastructure,
or PKI
Certified Business Continuity Professional (CBCP): Professional certification
of business continuity professionals as administered by DRI International. CBCP
is the most prevalent level of DRII certification.
Chain of Custody: Process for applying the Federal rules of evidence to the
handling of evidence
Chain Reaction: Chemical or nuclear process in which some of the products of
the process or energy released by the process are instrumental in the continuation
or magnification of the process
Challenge-Handshake Authentication Protocol (CHAP): Peer-level authentication
method for PPP (point-to-point protocol) that uses a randomly generated challenge
and requires a matching response that depends on a cryptographic hash of the
challenge and a secret key
Challenge/Response: Security procedure in which one communicator requests authentication
of another communicator, and the latter replies with a response based on data
provided by the first
Change Detection: Anti-virus software which looks for changes in the computer
system; often referred to as integrity checking software, but does not necessarily
protect data integrity, nor does it always assess the reasons for a possibly
valid change. See also Challenge Handshake Authentication Protocol
Channel: In communications, a medium for transferring information, which is
also called a line or circuit. Depending on its type, the channel can carry
information in analog or digital form, it can be a physical link, such as a
cable that connects two stations in a network, or it can consist of some electromagnetic
transmission.
Check-in: The process whereby resources first report to an incident or into
an EOC; check-in locations at a SEMS Field level include Incident Command Post
(Resources Unit), Incident Base, Camps, Staging Areas, Helibases, Helispots,
and Division Supervisors (for direct line assignments)
Checklist: Summary of actions to be taken by an individual or organization,
meant to aid memory rather than provide detailed instruction (FEMA definition)
Checklist Exercise: Business continuity exercise method that is used to determine
if information such as phone numbers, manuals, equipment, etc. in the plan is
accurate and current. See also Tabletop Exercise
Checksum: Value computed by a function that is dependent on the contents of
a data object and is stored or transmitted together with the object, for the
purpose of detecting changes in the data
Chemical Emergency Preparedness Program: Program developed by the Environmental
Protection Agency to address accidental releases of acutely toxic chemicals
Chemnet: Mutual aid network of chemical shippers and contractors
Chemoprophylaxis: Administration of an antibiotic agent to prevent an infection,
or to prevent an incubating infection from progressing to disease, or to eliminate
a carrier state to prevent transmission and disease in others; currently available
for anthrax, plague, Q fever, and tularemia
Chief Executive Official: Community official charged with authority to implement
and administer laws, ordinances, and regulations for the community; can be a
mayor, city manager, etc. (FEMA definition)
Chosen Ciphertext Attack: Cryptanalysis technique in which the analyst tries
to determine the key from knowledge of plaintext that corresponds to ciphertext
selected or dictated by the analyst
Chosen Plaintext Attack: Cryptanalysis technique in which the analyst tries
to determine the key from knowledge of ciphertext that corresponds to plaintext
selected or dictated by the analyst
CHRISTMA Exec: Viral type of email message; earliest known script email virus,
using REXX scripting language; first released in December of 1987
Chronic: 1) Referring to a health-related state, lasting a long time; 2) referring
to exposure, prolonged or long-term, often with specific reference to low intensity;
3) the US National Center for Health Statistics defines a "chronic"
condition as one of three months' duration or longer. See also Acute
Cipher: Cryptographic algorithm for encryption and decryption
Cipher Block Chaining (CBC): Method of operating a symmetric block cipher that
uses feedback to combine previously generated ciphertext with new plaintext
to avoid repeating patterns
Cipher Feedback (CFB): Block cipher mode that enhances electronic codebook mode
by chaining together the blocks of ciphertext it produces and operating on plaintext
segments of variable length less than or equal to the block length
Ciphertext: Encrypted form of a message being sent
Ciphertext-Only Attack: Cryptanalysis technique in which the analyst tries to
determine the key solely from knowledge of intercepted ciphertext
Circuit Switched Network: Voice/data network in which a single continuous physical
circuit connects two endpoints
CIREFCA: International Conference on Central American Refugees
CIS: Commonwealth of Independent States
Civil Air Patrol (CAP): The CAP conducts disaster relief, and air search and
rescue (S&R) operations within CONUS. CAP can operate as either a United States
Air Force (USAF) auxiliary or in volunteer status with state and local governments.
Civil Authorities: Elected or appointed officers and employees
who constitute the government of the 50 United States, the District of Columbia,
the Commonwealth of Puerto Rico, U.S. possessions and territories, and political
subdivisions thereof
Civil Disorder: A terrorist attack, riot, violent
protest, demonstration, or illegal assembly; also civil disturbances, riots,
acts of violence, insurrections, unlawful obstructions or assemblages, or other
disorders prejudicial to public law and order; addressed by provisions of Chapter
15, Title 10, U.S. Code
Civil Preparedness Circular/Guides: The medium through
which FEMA policies, program objectives, guidance, and procedures necessary
for the administration of emergency management functions are transmitted to
State and local officials, and others with assigned emergency management responsibilities.
Civil Preparedness Mobilization: Process of marshaling
resources to provide protection for the people, industry, and institutions of
the United States against the effects of the spectrum of emergencies; involves
providing warning and emergency instructions to the public; relocation of people
to safe areas; shelter, food, water, medical care, and other human needs; and
recovery and reconstitution following the emergency
Civil Resources: Resources that are normally not
controlled by Government, including manpower, food and water, health resources,
industrial production, housing and construction, telecommunications, energy,
transportation, minerals, materials, other essential resources, and services
Civil Security: Protection of national systems (facilities,
processes, personnel, and information) from detrimental disruption by deliberate
violent acts of individuals or groups of individuals
Civilian Law Enforcement Official: Officer or employee
of a civilian agency with responsibility for enforcing laws within the agency’s
jurisdiction; may include DEA, FTA, FBI, or State police
Classification: 1) grouping of classified information to which a hierarchical,
restrictive security label is applied to increase data protection; 2) level
of protection required for application to that information. See also Security
Level
Classified: Information that is formally required by a security policy to be
given data confidentiality service and to be marked with a security label to
indicate its protected status; mainly used in government, especially in the
military, and particularly in the US Department of Defense. See also Unclassified
Clear Text: Use of plain English in radio communications transmissions; no use
of “Ten Codes” or agency specific codes when using Clear Text
Clearance Time: Time required to clear the roadways of all vehicles evacuating
in response to a hurricane situation
Client: System entity that requests and uses services provided by another system
entity, called a "server."
Client Computer: A computer that runs a client program. In a network, the client
computer interacts in a client/server relationship with another computer running
a server program.
Client-Server: A model of network operation where services and resources are
requested by the client and fulfilled by the server; from a security perspective,
security policy should be (but is not always) enforced by the server.
Client-Side Reporting: Method of reporting in which data is retrieved from the
server and processed at the client
Clinical Epidemiologist: Specialist in clinical epidemiology. See also Clinical
Epidemiology
Clinical Epidemiology: 1) Epidemiological study conducted
in a clinical setting, usually by clinicians, with patients as the subjects
of a study; 2) the application of epidemiological principles and methods to
problems encountered in clinical medicine. Clinical epidemiology uses the information
from classical epidemiology to aid decision-making about identified cases of
disease. See also Epidemiology
Clone: Process by which a specified folder on the host or remote computer is
made identical to a specified folder on another computer; this includes files
in the source folder, which are copied to the destination folder. See also Synchronize
Closed Security Environment: Environment in which both of
the following conditions hold true: 1) application developers (including maintainers)
have sufficient clearances and authorizations to presume that they have not
introduced malware; 2) configuration control provides sufficient assurance that
applications and the equipment are protected against the introduction of malicious
logic prior to and during the operation of system applications.
Cluster: Aggregation of relatively uncommon events or diseases in space and/or
time in amounts that are believed or perceived to be greater than could be expected
by chance
Cluster Server: Two or more servers linked together to balance variable workloads
or provide continued operation in the event that one server fails
Cluster Virus: Makes changes to disk or directory structure data such that when
a valid program is invoked, the virus is run first. See also FAT Virus, Sector
Virus, System Virus
Clustering: Closely grouped series of events or cases of a disease or other
health-related phenomena with well-defined distribution patterns in relation
to time or place or both; normally used to describe aggregation of relatively
uncommon events or diseases, e.g., plague, smallpox
CMOS (Complementary Metal Oxide Semiconductor): Memory technology that can be
held in a computer, while main power is off, with low power battery backup;
used in MS-DOS/BIOS/ISA computers to hold information tables that define the
basic system hardware
Coastal High Hazard Area: Special flood hazard areas along coasts that have
additional hazards due to wind and wave action
Code: 1) In computer terminology, refers to either human (source) or machine
(object) readable programming. Viruses are not complete programs, and are often
referred to as code to distinguish them from programs that are complete in themselves;
2) system of symbols used to represent information, which might originally have
some other representation
Code Red: First variant of a family that may have included the Nimda virus.
Code Red infected Internet servers running Microsoft IIS (Internet Information
Server) software, and used a known bug in that program to infect new machines
Cold Site: Alternate facility option that has an environmental infrastructure
in place to recover critical business functions or information systems, but
does not have any pre-installed computer hardware, telecommunications equipment,
communication lines, etc. See also: Shell Site; Backup Site; Recovery Site
Collision: Occurs when multiple systems transmit simultaneously on the same
transmission path
Command: Directing, and/or controlling resources at an incident by virtue of
explicit legal, agency, or delegated authority. See also Incident Commander
Command and Control Model: Managerial approach for thinking and acting with
a military focus; e.g., strong leadership overcomes resulting chaos of a disaster.
See also Control; Incident Command System; Span of Control
Command Center: Operational site used by a crisis team after the initial phase
of an emergency; can also serve as a reporting point for deliveries, services,
press and all external contacts. See also Emergency Control Center (ECC); Emergency
Operations Centre (EOC)
Command, Control and Coordination or Communications (C3): Crisis management
process addressing the following: Command – authority for an organization
or parts thereof to direct the actions of its own resources (both personnel
and equipment); Control – authority to direct strategic, tactical and
operational assets to complete an assigned function; includes the ability to
direct activities of others engaged in the completion of that function; Coordination
– harmonious integration of all agencies/roles involved with the goal
of effectively and efficiently concluding the crisis; Communications –
transmission of information among crisis response elements using voice, data,
text, and video
Command-Line Interface (CLI): Alternate way to execute ESM commands in UNIX
and Windows NT environments; supports most ESM commands
Command Post: See also Incident Command Post
Command Staff: Command Staff at the SEMS field level includes the Information
Officer, Safety Officer, and Liaison Officer, all of whom report directly to
the Incident Commander; these functions may also be found at the EOC levels in SEMS.
Command, Unity of: See also Unity of Command
Common Information Model (CIM): Data model of an implementation-neutral schema
for describing overall management information in a network/enterprise environment;
comprised of a Specification (defines the details for integration with other
management models) and Schema (provides actual model descriptions)
Commercial: Programs sold either directly from the manufacturer or through normal
retail channels, as opposed to shareware. See also Freeware, Public Domain,
Open Source, and Shareware
Common Criteria: Method for harmonizing national security standards and security
philosophies. See also Common Criteria for Information Technology Security
Common Criteria for Information Technology Security (Common Criteria): Standard
for evaluating information technology products and systems, such as operating
systems, computer networks, distributed systems, and applications; includes
security provisions. Canada, France, Germany, the Netherlands, the United Kingdom,
and the United States (NIST and NSA) began developing this standard in 1993,
based on the European ITSEC, the Canadian Trusted Computer Product Evaluation
Criteria (CTCPEC), and the U.S. "Federal Criteria for Information Technology
Security" (FC) and its precursor, the TCSEC. Version 2.1 of the Criteria
is equivalent to ISO's International Standard 15408 (I15408).
Common Source Epidemic: Outbreak due to exposure of a group of persons to a
noxious attribute that is common to individuals in the group. When the exposure
is brief and essentially simultaneous, the resultant cases all develop within
one incubation period of the disease. See also Epidemic
Common Vehicle Spread: Transmission of a disease agent (e.g., infectious pathogen,
toxic chemical) from a source (e.g., air, water, food, and injected substances)
that is common to those who acquire the disease
Communicable Disease: Illness due to a specific infectious agent or its toxic
products that arises through transmission of that agent or its products from
an infected person, animal, or reservoir to a susceptible host, either directly
or indirectly through an intermediate plant or animal host, vector, or the inanimate
environment. See also Infectious Disease, Transmission of Infection
Communicable Period: Time during which an infectious agent may be transferred
directly or indirectly from an infected person to another person, from an infected
animal to humans, or from an infected person to an animal, including insects.
See also Transmission of Infection
Communications: Transfer of data between computers by a device such as a modem
or cable
Communications Device: Examples: modems, network interface cards; hardware that
enables remote communications and data transfer between computers
Communications, Integrated: See also Integrated Communications
Communications Link: Connection between computers (and/or peripherals) enabling
data transfer; can be a network, modem, or cable
Communications Port (COM Port): Also called a serial port; location for sending
and receiving serial data transmissions; referred to as COM1, COM2, COM3, and
COM4
Communications Protocol: Rules designed to let computers exchange data; defines
issues such as transmission rate, interval type, and mode
Communications Recovery: Actions that facilitate recovery and restoration or
rerouting of voice, data, text and video communications assets in the event
of a loss. See also Telecommunications Recovery, Data Communications Recovery
Communications Security: Measures taken to deny unauthorized persons information
derived from telecommunications of the U.S. Government concerning national security,
and to ensure the authenticity of such telecommunications. Communications security
includes cryptosecurity, transmission security, emission security, and physical
security of communications security material and information.
Communications Session: Time during which two computers are linked and engaged
in transferring information
Communications Unit: An organizational unit in the Logistics Section (ICS) responsible
for providing communication services at an incident or an EOC; may also be a
facility (e.g., a trailer or mobile van) used to provide the major part of an
Incident Communications Center
Communications Watch: Lowest Federal civil readiness level; plans are reviewed
and 24-hour communications capability is established at national offices
Community: 1) Individuals organized into a unit, or manifesting
some unifying trait or common interest; loosely, the locality or catchment area
population for which a service is provided, or more broadly, the state, nation,
or body politic (Last's epidemiology); 2) political entity that has the authority
to adopt and enforce laws and ordinances for the area under its jurisdiction.
In most cases, the community is an incorporated town, city, township, village,
or unincorporated area of a county. However, each State defines its own political
subdivisions and forms of government (FEMA definition). See also Catchment Area
Community Assistance: Authorized use of Army assets to provide
support, enhance relations, and promote mutual understanding between the Army
and the civilian community
Community Awareness and Emergency Response: Program
developed by the Chemical Manufacturers Association providing guidance for chemical
plant managers, assisting them in taking the initiative in cooperating with
local communities to develop integrated (community/industry) hazardous materials
emergency plans
Community Disaster Education (CDE): Educating the public before
disasters occur to help them prevent, prepare for, and cope with disasters
Community Profile: Characteristics of the local environment that are prone to
a chemical or nuclear accident; can include population density; age distribution;
number of roadways, railways, and waterways; type of buildings; and local relief
agencies. See also Community
Compacts: Formal working agreements among agencies to obtain mutual aid
Companion Virus: Does not actually attach to another program, but rather interposes
itself into the chain of command, so that the virus is executed before the infected
program
Company: Any piece of equipment having a full complement of personnel
Compartment: Class of information that has need-to-know access controls beyond
those normally provided for access to Confidential, Secret or Top Secret information
Compartmented Security Mode: See also Modes of Operation
Compensation Control: See also Controls
Compensation Unit/Claims Unit: Functional unit within the Finance/Administration
Section (ICS) responsible for financial concerns resulting from property damage,
injuries or fatalities at the incident or within an EOC
Competitive Intelligence: Espionage conducted using legal, or not obviously
illegal, means
Compile: Convert a high-level script into a low-level set of commands that can
be executed or run. Syntax errors are discovered when a script is being compiled
Complex: Two or more individual incidents located in the same general area which
are assigned to a single Incident Commander or to a Unified Command
Complex Emergencies: Form of human-made emergency in which
the cause of the emergency as well as assistance to the afflicted are impacted
by political considerations. This sort of emergency is normally associated with
the problems of displaced people during times of civil conflict or with people
caught in areas of conflict
Comprehensive Cooperative Agreement: Provides each
State with a single vehicle for applying for and receiving financial assistance
for various FEMA programs and for organizing and reporting on emergency management
objectives and accomplishments, particularly under the funded programs
Compressed Executable: Program file that has been compressed to save disk space,
and automatically returns to executable form when invoked. See also Archive,
Self-Extracting
Compromise: Perform an action not in accordance with security policy, or to
cause a system to do so; also a violation of system security policy such that
unauthorized disclosure of sensitive information may have occurred
Compromised Security Settings: Attempting to gain access to passwords or other
system-level security settings; also searching for openings in computer Internet-processing
components to install a program on that particular system, which an individual
could remotely control over the Internet
Compromising Emanations: Unintentional data-related or intelligence-bearing
signals that, if intercepted and analyzed, reveal information transmission received,
handled, or otherwise processed by any information processing equipment. See
also Tempest
Computer Abuse: Intentional and improper misuse, alteration, disruption or destruction
of data processing resources
Computer Cryptography: Use of a crypto-algorithm in a computer, microprocessor,
or microcomputer to perform encryption or decryption to protect information
or authenticate users, sources, or information
Computer Emergency Response Team (CERT): See also CERT
Computer Forensics: Obtaining legal evidence from computers and computer use,
especially recovery of data from computers and computer media
Computer Fraud: Computer-related crimes involving deliberate misrepresentation,
alteration or disclosure of data to obtain something of value (e.g., for monetary
gain); usually involves improper manipulation of input data; output or results;
applications programs; data files; computer operations; communications; or computer
hardware, systems software, or firmware
Computer Incident Advisory Capability (CIAC): Computer emergency response team
in the U.S. Department of Energy, known for its series of messages and postings
about security vulnerabilities
Computer Network: A collection of host computers together with the sub-network
or inter-network through which they exchange data
Computer Recovery Team: Individuals responsible for assessing data system damage,
processing data in the interim, and setting up a new/replacement system
Computer Security Audit: Independent evaluation of controls employed to ensure
appropriate protection of an organization's information assets
Computer Security Subsystem: Device designed to provide limited computer security
features in a larger system environment
Computer Security Technical Vulnerability Reporting Program (CSTVRP): Program
that focuses on technical vulnerabilities in commercially available hardware,
firmware and software products acquired by the US DoD
Computer Viral Program: Invented by hacker Rob Slade to describe self-reproducing
programs regardless of other distinctions
Concealment System: Method of achieving confidentiality in which sensitive information
is hidden by embedding it in irrelevant data. See also Steganography
Concurrent Disinfection: See also Disinfection
Confidentiality: Ensuring that information is disclosed only to those who are
authorized to view it; the obligation not to disclose information; and the right
of a person to withhold information from others. See also Respect for Autonomy;
Informed Consent
Configuration Control: Process of controlling modifications to system hardware,
firmware, software, and documentation which ensures that the system is protected
against the introduction of improper modifications prior to, during, and after
system implementation. See also Configuration Management
Configuration Management: Administration of security features and assurances
through control of changes made to system hardware, software, firmware, documentation,
test, test fixtures and test documentation throughout the system’s operational
life. See also Configuration Control
Confinement: Prevention of leaking of sensitive data from a program
Confinement Channel: See also Covert Channel
Confinement Property: See also Star Property
Connection: Successful establishment of a communications link
Consequence: End result following a business disruption or other incident that
can be defined as loss, injury, disadvantage or gain
Consequence Management: Coordination of local, regional, national, and international
assets before, during, and after some sort of attack, such as with weapons of
mass destruction (WMD); CM responses are managed by FEMA and use protocols established
under the Federal Response Plan (FRP); can also include support missions as
described in other Federal operations plans, such as predictive modeling, protective
action recommendations, and mass decontamination. Introduced through Presidential
Decision Directive (PDD) 39 in 1995, which established how the US would respond
to terrorism employing weapons of mass destruction (WMD) and how the consequences
of such an incident should be managed
Console: 1) a program interface for the management of software or networks;
2) in a mainframe or UNIX environment, a terminal consisting of a monitor and
keyboard
Consortium Agreement: Resource sharing agreement made by a group of organizations
to share processing facilities and/or office facilities, if one member of the
group suffers a disaster. See also Reciprocal Agreement
Contact: Situation in which a person or animal has been in association with
an infected person or animal or a contaminated environment, and may have the
opportunity to acquire an infection. See also Direct Contact; Indirect Contact;
Primary Contact
Contact, Direct: See also Direct Contact
Contact, Indirect: See also Indirect Contact
Contact List: List of team members and/or key players to be contacted in a disaster,
including their backups; includes confidential contact data (e.g., home phone,
pager, mobile)
Contact Precautions: Procedures used when placing a patient in a private room
or with someone with the same infection, if possible; examples: 1) using gloves
when entering the room; 2) changing gloves after contact with infective material;
3) using gown when entering the room if patient contact is anticipated or if
patient has diarrhea, a colostomy, or wound drainage not covered by a dressing;
4) limiting movement or transport of the patient from the room; 5) ensuring
that patient care items, bedside equipment, and frequently touched surfaces
receive daily cleaning; 6) dedicating use of non-critical patient-care equipment
to a single patient or cohort of patients with the same pathogen. See also
Airborne Precautions; Disinfection; Standard Precautions
Contact, Primary: See also Primary Contact
Contact Tracing: See also Case Finding
Contagion: Transmission of infection by direct contact, droplet spread, or contaminated
fomites. See also Fomite; Transmission of Infection
Contagious: Transmitted by contact; in common usage, "highly infectious"
Containment: Regional eradication of communicable disease; dealing with worldwide
communicable diseases demands a globally coordinated effort so that countries
that have interrupted transmission do not become re-infected
Contamination: 1) Intermixing of data at different sensitivity and need-to-know
levels; lower level data is contaminated by higher level data; thus, the contaminating
(higher level) data may not receive the required protection; 2) presence of
an infectious agent on a body surface, in or on clothes, bedding, toys, surgical
instruments or dressings, or other inanimate articles or substances including
water, milk and food; 3) undesirable deposition of a chemical, biological, or
radiological material on the surface of structures, areas, objects, or people
(FEMA). See also Biological Contamination; Infection
Content Filtering: Component of a security policy that addresses the semantic
meaning of words in text (such as email messages) as a way of identifying potentially
disruptive content; can also include URL filtering
Contingency Fund: Budget used to manage operating expenses at the time of a
business or government emergency. See also Expense Control
Contingency Plan: 1) Series of organized, sequential activities an organization
or business unit uses to respond to a specific systems failure or disruption
of operations; may incorporate workaround procedures, alternate work areas,
reciprocal agreements, or replacement resources; 2) emergency plan developed
in expectation of a disaster, often based on risk assessments, availability
of human and material resources, community preparedness, and local and international
response capabilities
Contingency Planning: Process of developing advance arrangements and procedures
that enable a business or government agency to respond to an unplanned event
Continuity of Government: Ability to maintain uninterrupted government operations
in the aftermath of a disruptive event; minimum set of processes needed so that
essential government functions can continue
Continuity of Operations Plan (COOP): Organized processes that facilitate system
restoration for emergencies, disasters, mobilization, and for maintaining a
state of readiness to provide the necessary level of information processing
support commensurate with the mission requirements/priorities identified by
the respective functional proponent; often defined as business continuity in
the government sector
Control: 1) To regulate, restrain, correct, or restore to normal; 2) applied to
many communicable and some non-communicable conditions, control means ongoing
operations or programs aimed at reducing incidence and/or prevalence, or eliminating
such conditions. See also Command and Control Model; Span of Control
Control, Span of: See also Span of Control
Controls: Actions that reduce probability of a risk occurring or mitigate the
impact; similar to safeguards and countermeasures, used to prevent failures
of integrity, availability, and confidentiality. Control areas include administrative
(policies, procedures, etc.), physical (locks, guards, etc.), and technical
(encryption, network auditing, etc.) controls; controls can be preventative/preventive
(deterring and blocking an event), detective (determining and investigating
an event), corrective (restoring and recovering from an event), deterrent (increasing
perceived risk to an attacker), recovery (restoring lost resources), and compensation
(provision of redundancy or other means to counteract loss of resources). See
also Command, Control & Coordination/Communications
Control and Risk Self-Assessment (CRSA): See also Control Self-Assessment (CSA)
Control Culture: Internal values that influence the control consciousness of
a business or government agency; include integrity, ethical values and competence;
management’s philosophy and operating style; the way management assigns
authority and responsibility and organizes and develops its people
Control Environment: System of controls, financial and otherwise, established
by a Board and management team to transact a firm’s business effectively,
and addresses compliance with laws and regulations. See also Internal Control
Control Framework: Model or accepted system of control elements that covers
all internal controls expected within an organization. See also Risk Framework
Control Room Exercise: Procedures for rehearsing key people, communications,
procedures and information flows between individuals and/or teams in different
control rooms or command centers
Control Self-Assessment (CSA): Techniques used in an audit or in lieu of an
audit to assess risk and control strengths and weaknesses against a control
framework; can be facilitated by internal auditors. See also Control and Risk
Self-Assessment
Control Zone: Physical space surrounding equipment processing sensitive information
that is under sufficient (primarily) physical and (possibly) technical control
to preclude an unauthorized entry or compromise
Controlled Access: See also Access Control
Controlled Sharing: Condition that exists when access control is applied to
all users and components of a system
Convergence: The tendency in disasters for persons, material, and communications
to flow towards the disaster site. See also Informational Convergence; Material
Convergence; Personal Convergence
Convergence, Informational: See also Informational Convergence
Convergence, Material: See also Material Convergence
Convergence, Personal: See also Personal Convergence
Cookie: Data exchanged between an HTTP server and a browser (client of the server)
to store information relating to the client side and retrieve it later for server
use; HTTP servers may send cookies to clients, which the client retains after
the HTTP connection closes; used by servers to maintain persistent client-side
state information for HTTP-based applications, retrieving the state information
in later connections
Cooperating Agency: An agency supplying assistance other than
direct tactical or support functions or resources to the incident control effort
(e.g., American Red Cross, telephone company, etc.)
Coordinate: Systematic exchange of information among principal
participants to carry out a unified response following an emergency
Coordination: Systematically analyzing a situation, developing relevant information,
and informing appropriate command authority of viable alternatives for selection
of the most effective combination of available resources to meet specific objectives.
The coordination process (which can be either intra- or inter-agency) does not
involve dispatch actions.
Coordination Center: Any facility used for coordination of agency or jurisdictional
resources in support of one or more incidents
Coordinator: Assistant to the principal executive officer of a political subdivision
with the duty of coordinating emergency management programs of that subdivision.
See also Political Subdivision
Cordon (Inner and Outer): Boundary line of an area or zone that is controlled
by emergency services personnel, and from which all unauthorized persons are
excluded for a period of time determined by emergency services leadership. See
also Exclusion Zone
Core Melt Accident: Nuclear reactor accident in which the fuel melts due to
overheating
Core Wars: Computer game in which two or more programs attempt to destroy each
other inside a real or simulated computer; currently a game using a simulated
machine language called Redstone code (or Redcode)
Corporate Governance: System/process by which the directors and officers of
a business or government agency are required to carry out and discharge their
legal, moral and regulatory accountabilities and responsibilities
Corporate Risk: Area of risk management that examines how an organization meets
its corporate governance responsibilities; takes appropriate actions and identifies
and manages emerging risks
Corrective Control: See also Controls
Corruption: Threat that undesirably alters system operation by negatively modifying
system functions or data
Cost Benefit Analysis: Following a BIA and risk assessment, this financial assessment
of strategic BCM options balances the cost of each option against potential
savings; compares cost of implementing countermeasures with the value of a reduced
risk
Counseling: See also Trauma Counseling, Post Traumatic Stress Disorder, Trauma
Management
Covert Channels: Technology by which information can be communicated between
two parties in a secret fashion using normal system operations; example: changing
amount of available hard drive space on a file server can help communicate information
Covert Release (of a Biologic Agent): Unannounced release of a biologic agent
that causes illness; detection is dependent on traditional surveillance methods.
See also Overt Release
Covert Storage Channel: Covert channel that employs direct or indirect writing
of a storage location by one process and the direct or indirect reading of the
storage location by another process
Covert Timing Channel: Covert channel in which one process signals information
to another by modulating its own use of system resources (e.g., CPU time) in
such a way that this manipulation affects the real response time observed by
the second process
Cracker: Someone who tries to break the security of, and gain access to, someone
else's system without being invited; can also be a hacker
CRC: See also Cyclic Redundancy Check
Crate & Ship: Recovery strategy that delivers alternate IT resources post-disaster
via contractual arrangements with equipment suppliers to deliver replacement
hardware within a specified time period. See also Guaranteed Replacement, Drop
Ship, Quick Ship
Crew Transport: Any vehicle capable of transporting personnel in specified numbers
Crisis: Critical event, which, if not handled in a timely and appropriate manner,
could dramatically impact an organization's profitability, reputation, or ability
to operate
Crisis-Induced Migration: Occurs when people are forced to abandon their homes
to move out of harm's way when unanticipated events occur, often resulting from
military operations
Crisis Management: Coordination and execution of a firm’s response to
a crisis in an effective, timely manner; goal is to avoid or minimize damage
to the organization's profitability, reputation, or ability to operate
Crisis Management Team: Organized and trained group consisting of key executives
as well as key role players (e.g., media representative, legal counsel, facilities
manager, disaster recovery coordinator) and business owners of critical organization
functions
Crisis Simulation: Testing an organization's ability to respond to a crisis
in a coordinated, timely, and effective manner, by simulating the occurrence
of a specific crisis
Critical: Condition of a service or other system resource such that denial of
access to, or lack of availability of, that resource would jeopardize a system
user's ability to perform a primary function or would result in other serious
consequences
Critical Action: Includes, but is not limited to, procedures which create or
extend the useful life of such structures or facilities as: 1) those which produce,
use, or store highly volatile, flammable, explosive, toxic, or water reactive
materials; 2) hospitals, nursing homes, and housing for the elderly which are
likely to contain occupants who may not be sufficiently mobile to avoid the
loss of life or injury during flood and storm events; 3) emergency operations
centers or data storage centers which contain records or services that may become
lost or inoperative during flood and storm events; and 4) generating plants
and other principal points of utility infrastructures
Critical Data Point: Point in time to which data must be restored in order to
achieve recovery objectives. See also Recovery Point Objective
Critical Functions: Business activities or information that cannot be interrupted
or unavailable for several business days without significantly jeopardizing
operation of the organization
Critical Infrastructure: Systems whose loss of functionality or destruction
would have a debilitating impact on the economic security of an organization,
community, nation, etc.
Critical Records: Records or documents that, if damaged or destroyed, would
cause considerable inconvenience and/or require replacement or recreation at
considerable expense
Cross-infection: Infection of one person with pathogenic organisms from another
and vice versa. See also Infection
Crossover Cable: Cable in which the wire pairs are reversed at one end so that
two like devices can be connected directly to each other
Crossover Error Rate (CER): Point on the graph of false acceptance rate (FAR)
and false rejection rate (FRR) plotted against the sensitivity of a security
system; along the sensitivity axis, false acceptance starts at a high value and
declines, whereas false rejection starts low and then climbs; the point where
FAR crosses FRR is the crossover error rate; generally considered to be a reasonable
overall measure of system accuracy
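Worked example, added here and not part of the CPM Dictionary: a hypothetical matcher's decision threshold is swept over constructed genuine and impostor scores, FAR and FRR are computed at each setting, and the threshold where the two curves cross gives the CER. The score lists and the function names are assumptions made for this illustration.

```python
"""Crossover error rate (CER) from FAR/FRR curves (added example, not from the page)."""
from typing import List, Tuple

# Constructed similarity scores from a hypothetical biometric matcher
# (0.0 = no match, 1.0 = perfect match). GENUINE are attempts by enrolled
# users; IMPOSTOR are attempts by other people. The ranges overlap on purpose.
GENUINE: List[float] = [0.95, 0.90, 0.85, 0.80, 0.75, 0.70, 0.65, 0.55, 0.45, 0.40]
IMPOSTOR: List[float] = [0.60, 0.55, 0.50, 0.45, 0.40, 0.35, 0.30, 0.25, 0.20, 0.15]


def far(threshold: float, impostor: List[float]) -> float:
    """False acceptance rate: share of impostor attempts scoring at or above threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(threshold: float, genuine: List[float]) -> float:
    """False rejection rate: share of genuine attempts scoring below threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def error_curves(genuine: List[float], impostor: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for each candidate threshold, from lenient to strict.

    The observed scores themselves are the candidate thresholds, because FAR
    and FRR only change when the threshold passes one of them.
    """
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, far(t, impostor), frr(t, genuine)) for t in thresholds]


def crossover_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Return (threshold, CER): the setting where FAR and FRR are closest.

    If the curves do not meet exactly at a candidate threshold, the CER is
    reported as the mean of FAR and FRR at the closest point.
    """
    best = min(error_curves(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    threshold, fa, fr = best
    return threshold, (fa + fr) / 2


if __name__ == "__main__":
    # Tightening the threshold drives FAR down and FRR up, as the entry describes.
    for t, fa, fr in error_curves(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={fa:.2f}  FRR={fr:.2f}")
    t, cer = crossover_error_rate(GENUINE, IMPOSTOR)
    print(f"CER = {cer:.2f} at threshold {t:.2f}")
```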
Cryptanalysis: Mathematical science that deals with analysis of a cryptographic
system in order to gain the knowledge needed to break or circumvent the protection
that the system is designed to provide; in other words, recovering the plaintext
from the ciphertext without knowing the key
Cryptographic Algorithm or Hash: Algorithm that employs the science of cryptography,
including encryption algorithms, cryptographic hash algorithms, digital signature
algorithms, and key agreement algorithms
Cryptographic Checksum: One-way function applied to a file to produce a unique
"fingerprint" of the file for later reference; part of the process
of creating a digital signature
Cryptographic Key: See also Key
Cryptography: Process in which a message is scrambled in such a way that anyone
who intercepts the message cannot understand it
Cryptoperiod: Time span during which a particular key is used in a cryptographic
system; an aspect of key management
Cryptosecurity: Security or protection resulting from the proper use of technically
sound cryptosystems
Cryptosystem: Complete and functional system for cryptography, including a sound
crypto-algorithm, provisions for the required functions of the system, and proper
key choice and management
Culture: 1) In microbiology, the growth of an organism in or on a nutrient medium;
2) in social science, a set of beliefs, values, symbols, rituals, and heroes
common to and characteristic of a community or nation. See also Community
Current Risk: Remaining risk after safeguards and mitigations have been applied
Current Vulnerability Measure: Danger posed by a threat or vulnerability after
accounting for safeguards used to secure it; use of valid safeguards reduces
current vulnerability measures to less than default vulnerability measures
Cut-Through: Method of switching where only the header of a packet is read before
it is forwarded to its destination
CVE References: List of standardized names for vulnerabilities and other information
security exposures
Cyberpunk: Users and developers dedicated to creating systems for anonymous
communications and network access
Cyclic Redundancy Check (CRC): Checksum algorithm that is not a cryptographic
hash but is used to implement data integrity service where accidental changes
to data are expected