A goal an organization can accomplish by having plans and procedures to help mitigate the effects a disaster has on its continuing operations and to speed the return to normal operations. The uninterrupted availability of information paths for the effective performance of organizational function.
Any protective action, device, procedure, technique, or other measure that reduces exposures. The use of access rules or countermeasures to limit a subject’s access to an object.
|Control Objectives for Information and Related Technology (COBIT)||
A security concept infrastructure used to organize the complex security solution of companies. Control Objectives for Information and related Technology (COBIT), Release 4. 0, IT Governance Institute, 2005.
|Controlled access area||
A specifically designated area within a building where classified information may be handled, stored, discussed, or processed. Physical area (e. g. , building, room, etc. ) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance.
|Controlled cryptographic item (CCI)||
Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. Such items are marked “CONTROLLED CRYPTOGRAPHIC ITEM” or, where space is limited, “CCI. ”Secure telecommunications or information handling equipment, or associated cryptographic components, which are unclassified but governed by a special set of control requirements.
Law that guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work. The author or artist’s right to control the copying of his or her work.
Action, device, procedure, technique, or other measure that reduces the vulnerability of an information system. The deployment of a set of security services to protect against a security threat.
The level of interaction between objects. Lower coupling means less interaction. Lower coupling delivers better software design because objects are more independent. Lower coupling is easier to troubleshoot and update. Objects with low cohesion require lots of assistance from other objects to perform tasks and have high coupling. The manner and degree of interdependence between software modules. Types include common environment coupling, content coupling, control coupling, data coupling, hybrid coupling, and pathological coupling.
A channel of communication within a computer system, or network, that is not designed or intended to transfer information. The means by which data can be communicated outside of normal, expected, or detectable methods. Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an information system security policy. (. See overt channel and exploitable channel. )
|Covert Storage Channel||
A channel that conveys information by writing data to a common storage area where another process can read it. A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource that is shared by two subjects at different security levels. Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e. g. , sectors on a disk) that is shared by two subjects at different security levels.