The FREE Cybersecurity Glossary by Thor Pedersen!

Chief Security Officer (CSO): The senior executive responsible for overseeing an organization's overall security strategy, policies, and operations. They work closely with the CEO and other senior executives to develop and implement solutions that protect the organization's physical, cyber, and human assets.

Chief Technology Officer (CTO): The senior executive responsible for overseeing an organization's technology strategy, policies, and operations. They work closely with the CEO and other senior executives to develop and implement technology solutions that align with the organization's business goals and objectives.

Chosen-ciphertext attack: In a chosen-ciphertext attack, the attacker has access to a ciphertext (encrypted message) and is able to manipulate it in some way to try and derive the plaintext (original message). For example, the attacker may try to modify the ciphertext and see how the resulting decryption changes in order to learn more about the encryption algorithm and key being used.

Chosen-plaintext attack: A method used in cryptanalysis where the attacker can choose arbitrary plaintexts to be encrypted and obtains the corresponding ciphertexts. This capability allows the attacker to gather information that may reveal the encryption key or algorithm characteristics, enhancing their ability to perform further attacks or decode messages.

CIA Triad: A widely-used information security model that represents the three fundamental principles of security - Confidentiality, Integrity, and Availability. Confidentiality is about protecting information from being accessed by unauthorized parties, integrity ensures that the information is accurate and hasn't been improperly modified, and availability ensures that the information is accessible to authorized users when needed. The triad serves as a simple framework for keeping an organization's sensitive data secure.

CI/CD Environments: CI/CD stands for Continuous Integration and Continuous Delivery/Deployment. Continuous Integration involves integrating changes from different contributors into a central repository frequently, which encourages catching integration bugs early. Continuous Delivery/Deployment involves automating the release process to get validated changes deployed to production quickly and sustainably. From a security perspective, CI/CD environments should be set up to include automated security checks and tests at various stages, such as static code analysis for potential vulnerabilities and dynamic testing in staging environments, to ensure that security is a part of the process from start to finish.