Glossary


C


CABINET

The CABINET endorsement marking is used for material that will be presented to, and/or require decisions by, Cabinet or Cabinet committee.

Candidate (personnel security)

An individual undergoing security vetting is known as the candidate.

CCTV

Closed-Circuit Television

Certification

A procedure by which a formal assurance statement is given that functions, goods or services conform to a specified standard.

Change of circumstance

A relevant change to an employee’s personal circumstances subsequent to a security vetting being conducted and an assessment made.

Chief Information Security Officer (CISO)

A senior executive who is responsible for coordinating communication between security and business functions. The CISO also oversees the application of controls and security risk management processes within an agency.

Chief Security Officer (CSO)

The CSO is an agency executive with overall responsibility for security. The CSO is answerable to, and must have free access to, the agency head on all security-related matters. See New Zealand Government Protective Security Requirements – Security Structure and Agency Responsibilities.

CISO

Chief Information Security Officer

Classification system

New Zealand Government Information Security Classification System. This is New Zealand government’s administrative system (principles, policies, guidance, tools, and resources) for the appropriate classification and handling of government information to ensure it is appropriately used, managed, and protected.

Classified Document Register (CDR)

A register that includes details of all accountable material, including TOP SECRET protectively marked documents and copies received.

Classified information

Classified information is any government information that requires security and special handling to protect it. The information is generally protectively marked with the classification level (e.g. IN-CONFIDENCE, SENSITIVE, RESTRICTED, CONFIDENTIAL, SECRET, TOP SECRET) and may also include other endorsement or compartmented markings. See also Protective marking, Endorsement marking, and Compartmented marking.

Clear desk policy

A policy requiring an individual to ensure that protectively marked or UNCLASSIFIED official information and other valuable resources are secured appropriately when the person is absent from the workplace.

Clear screen policy

A supplementary policy to the clear desk policy that requires a person to ensure that information on ICT equipment is secured appropriately when the person is absent from the work station, for example, by locking the ICT equipment.

Clearance (personnel security clearance)

See Security clearance.

Clearance process

In the context of personnel security clearances, the process of assessing a person’s suitability for access to protectively marked information (see Protective marking).

CNI

Critical National Infrastructure

Codeword

A type of compartmented marking. A codeword indicates that the information it covers is in a special need-to-know category. Those with a need to access the information will be cleared and briefed about the significance of this type of information. See also Source codeword.

Combined Threat Assessment Group (CTAG)

The CTAG is a fully seconded multi-agency intelligence centre. Its role is to mitigate the risk of the government receiving uncoordinated or conflicting threat assessments in relation to terrorist and criminal threats posing physical harm to New Zealand, its citizens and interests both domestically and overseas.

COMMERCIAL

The COMMERCIAL endorsement marking is used for commercially sensitive processes, negotiations or affairs.

Communications Security (COMSEC)

All measures (including the use of cryptographic security, transmission security, emission security and physical security measures) applied to protect government telecommunications from unauthorised interception and exploitation and to ensure the authenticity of such telecommunications.

Compartmented marking

A compartmented marking is an additional protective marking that is combined with the classification and endorsement marking (if applicable) indicating that the information is in a specific compartment. This word could be a codeword or ‘Sensitive Compartmented Information (SCI)’. See also Protective marking, Need to know, Endorsement marking, and SCI.

Competitive Tendering and Contracting (CTC)

A process of selecting the preferred provider of goods and services from a range of bidders by seeking offers and evaluating these against predetermined selection criteria.

Compromise

Information compromise is the intentional or unintentional unauthorised disclosure, removal, tampering, destruction, or misuse of the information.

COMPUSEC

Computer Security

Computer Security (COMPUSEC)

The measures taken to ensure the security of information stored on and accessed by computer, for example, access passwords, login information or anti-virus software.

COMSEC

Communications Security

COMSEC officer

The person in an agency who is responsible for authorising and controlling cryptographic access.

CONFIDENTIAL (security classification)

A security classification that shows that compromise of official information would damage National interest in a significant manner.

Confidential information

Information provided with an expectation of confidentiality and that it will only be used by and made available to people with a genuine need to know. The meaning is broader than the information designated by the CONFIDENTIAL security classification.

Confidentiality (of information)

Confidentiality means that information is protected from unauthorised disclosure or access. See also Integrity and Availability.

Conflict of interest

An interest or obligation, either inside or outside New Zealand, that could interfere with, or hinder, a person’s performance of their duties, or be perceived to interfere or hinder a person’s performance of their duties.

Contact

See Security contact.

Contract

A legally enforceable agreement in which the parties to the contract set out the terms and conditions of the agreement, the rights and obligations or responsibilities of each party and the agreed outcomes of the relationship.

Contracted service provider (contractor)

A person or business entity that has contracted with an agency for the performance of services for, or supply of goods to, that agency.

Control

A measure used to protect official information from compromise of confidentiality, integrity and availability, or mitigate an identified threat to an agency’s people, information or assets.

Countermeasures

Barriers, including procedural, logical or physical countermeasures, used to protect official resources.

CPNI

Centre for the Protection of National Infrastructure (UK Government)

Crime Prevention through Environmental Design (CPTED)

A multi-disciplinary approach to deterring opportunistic criminal behaviour through environmental design using features including natural surveillance (includes direct and indirect presence), access control and territorial reinforcement, that is, the design of clear boundaries and use of landscaping features to define desired movement areas and delineate borders.

Cryptographic Information (CRYPTO)

Information relating to keying material and cryptosystems used for the protection of information. See the New Zealand Information Security Manual for further details on cryptographic requirements.

CTAG

Combined Threat Assessment Group (NZSIS)

CTC

Competitive Tendering and Contracting

Culture of security

See Security culture.

Cyber espionage

Espionage using ICT equipment.