- Challenge/Response Token: A security token or device that produces a response code used in authentication processes. When presented with a challenge, such as a numeric code or a nonce provided by the authentication system, the token generates a corresponding response based on a secret key or algorithm. This response is then used to verify the user's identity. These tokens enhance security by requiring something the user has (the token) in addition to something the user knows (a PIN or password).
- Change advisory board (CAB): A committee made up of stakeholders and subject matter experts whose role is to assess, prioritize, and approve changes to an environment or system. The CAB is responsible for evaluating the proposed changes in terms of their potential benefits, risks, and impacts to ensure changes are managed methodically to prevent negative effects and maintain smooth operations. This group plays a significant role in ensuring changes do not unintentionally introduce new vulnerabilities or weaken existing safeguards.
- Change control: A systematic approach to managing alterations to a system, project, or process. The process typically includes steps like documenting, evaluating, approving, and implementing changes. The goal is to prevent unnecessary changes, minimize the risk of adverse effects, and ensure that all modifications are traceable and well-documented. This is especially crucial for maintaining the integrity of the environment, as unplanned or unapproved changes can lead to vulnerabilities or inconsistencies that can be exploited by malicious parties.
- Change control board (CCB): A group that reviews, approves, or rejects proposed changes to a project or system. This body evaluates the implications of the changes on the whole system, taking into account factors such as risk, cost, and schedule. The CCB's role is to ensure that the proposed changes are beneficial, feasible, and compatible with the existing structure and that they do not negatively impact the overall functionality and security.
- Change Documentation: The detailed record of any alterations made to a system, project, or process. It includes information about the nature of changes, the individuals who authorized them, the time of their implementation, the reasons for their necessity, and the impact they had. This record serves as an important audit trail for understanding modifications over time and aids in tracking any changes that could potentially introduce vulnerabilities or inconsistencies into a system.
- Change Management: A structured approach to handling modifications, both from the organization's perspective and on the individual level. It entails planning, testing, implementing, and reviewing changes to ensure they are managed in a controlled manner. The aim of change management is to minimize disruption, reduce potential vulnerabilities arising from system modifications, and prevent unnecessary consequences that could weaken the overall system.
- Change Management Board: A governance body typically established to oversee and approve changes in an organization, ensuring they align with strategic objectives and do not introduce undue risk. The term "Change Management Board" is less commonly used than "Change Advisory Board" (CAB) or "Change Control Board" (CCB), both of which serve a similar function within the ITIL framework for managing changes effectively.
- Channels: In a communication context, channels are the media through which data is transmitted from one place to another. These include physical channels, such as wires or fiber optic cables, and wireless channels, such as those used in radio or infrared communication. From a security perspective, protecting these channels is essential to ensure that data is not intercepted, tampered with, or accessed by unauthorized individuals during transmission.
- Channel Service Unit/Digital Service Unit (CSU/DSU): Hardware devices used in digital telecommunications to connect the end customer's equipment with the public switched network. A CSU/DSU translates the digital signals produced by the customer's equipment into signals that can be transmitted over the carrier's network and vice versa. These devices are essential for enabling reliable data transmission over digital communication lines such as T1 and T3 connections.
- Chaos engineering: A method of testing the resilience and robustness of systems by intentionally introducing failures or disruptions into a system in a controlled manner. It is used to identify and address potential weaknesses or vulnerabilities in a system and to ensure that it can withstand unexpected failures or events. Examples of chaos engineering include testing the ability of a system to recover from a database failure or simulating a network outage.