Glossary

C


CABINET

The CABINET endorsement marking is used for material that will be presented to, and/or require decisions by, Cabinet or Cabinet committee.

Candidate (personnel security)

An individual undergoing security vetting is known as the candidate.

CCTV

Closed-Circuit Television

Certification

A procedure by which a formal assurance statement is given that functions, goods or services conform to a specified standard.

Change of circumstance

A relevant change to an employee’s personal circumstances subsequent to a security vetting being conducted and an assessment made.

Chief Information Security Officer (CISO)

A senior executive who is responsible for coordinating communication between security and business functions. The CISO also oversees the application of controls and security risk management processes within an agency.

Chief Security Officer (CSO)

The CSO is an agency executive with overall responsibility for security. The CSO is answerable to, and must have free access to, the agency head on all security-related matters. See New Zealand Government Protective Security Requirements – Security Structure and Agency Responsibilities.

CISO

Chief Information Security Officer

Classification system

See Security classification system.

Classified Document Register (CDR)

A register that includes details of all accountable material, including TOP SECRET protectively marked documents and copies received.

Clear desk policy

A policy requiring an individual to ensure that protectively marked or UNCLASSIFIED official information and other valuable resources are secured appropriately when the person is absent from the workplace.

Clear screen policy

A supplementary policy to the clear desk policy that requires a person to ensure that information on ICT equipment is secured appropriately when the person is absent from the work station, for example, by locking the ICT equipment.

Clearance (personnel security clearance)

See Security clearance.

Clearance process

In the context of personnel security clearances, the process of assessing a person’s suitability for access to protectively marked information (see Protective marking).

CNI

Critical National Infrastructure

Codeword

A type of compartmented marking. A codeword indicates that the information it covers is in a special need-to-know category. Those with a need to access the information will be cleared and briefed about the significance of this type of information. See also Source codeword.

Combined Threat Assessment Group (CTAG)

The CTAG is a fully seconded multi-agency intelligence centre. Its role is to mitigate the risk of the government receiving uncoordinated or conflicting threat assessments in relation to terrorist and criminal threats posing physical harm to New Zealand, its citizens and interests, both domestically and overseas.

COMMERCIAL

The COMMERCIAL endorsement marking is used for commercially sensitive processes, negotiations or affairs.

Communications Security (COMSEC)

All measures (including the use of cryptographic security, transmission security, emission security and physical security measures) applied to protect government telecommunications from unauthorised interception and exploitation and to ensure the authenticity of such telecommunications.

Compartmented marking

A marking to indicate that the information is in a specific need-to-know compartment, and it is often necessary to take precautions beyond those normally indicated by the security classification to protect that information. Compartmented markings must follow a security classification and cannot be applied to UNCLASSIFIED information. Such markings may include Codeword or SCI material.

Competitive Tendering and Contracting (CTC)

A process of selecting the preferred provider of goods and services from a range of bidders by seeking offers and evaluating these against predetermined selection criteria.

Compromise or misuse (especially of information resources)

The means by which harm could be caused to assets, especially loss, damage, corruption or disclosure of information, whether deliberate or accidental.

COMPUSEC

Computer Security

Computer Security (COMPUSEC)

The measures taken to ensure the security of information stored on and accessed by computer, for example, access passwords, login information or anti-virus software.

COMSEC

Communications Security

COMSEC officer

The person in an agency who is responsible for authorising and controlling cryptographic access.

CONFIDENTIAL (security classification)

A security classification that shows that compromise of official information would damage the national interest in a significant manner.

Confidential information

Information provided with an expectation of confidentiality and that it will only be used by and made available to people with a genuine need to know. The meaning is broader than the information designated by the CONFIDENTIAL security classification.

Confidentiality (of information)

The limiting of access to official information to authorised users for approved purposes. The confidentiality requirement is determined by reference to the likely consequences of unauthorised disclosure of official information. The New Zealand Government Security Classification System has been developed to help agencies identify information that has confidentiality requirements.

Conflict of interest

An interest or obligation, either inside or outside New Zealand, that could interfere with, or hinder, a person’s performance of their duties, or be perceived to interfere with or hinder a person’s performance of their duties.

Contact

See Security contact.

Contract

A legally enforceable agreement in which the parties to the contract set out the terms and conditions of the agreement, the rights and obligations or responsibilities of each party and the agreed outcomes of the relationship.

Contracted service provider (contractor)

A person or business entity that has contracted with an agency for the performance of services for, or supply of goods to, that agency.

Control

A measure used to protect official information from compromise of confidentiality, integrity and availability, or mitigate an identified threat to an agency’s people, information or assets.

Countermeasures

Barriers, including procedural, logical or physical countermeasures, used to protect official resources.

CPNI

Centre for the Protection of National Infrastructure (UK Government)

Crime Prevention through Environmental Design (CPTED)

A multi-disciplinary approach to deterring opportunistic criminal behaviour through environmental design using features including natural surveillance (includes direct and indirect presence), access control and territorial reinforcement, that is, the design of clear boundaries and use of landscaping features to define desired movement areas and delineate borders.

Cryptographic Information (CRYPTO)

Information relating to keying material and cryptosystems used for the protection of information. See the New Zealand Information Security Manual for further details on cryptographic requirements.

CTAG

Combined Threat Assessment Group (NZSIS)

CTC

Competitive Tendering and Contracting

Culture of security

See Security culture.

Cyber espionage

Espionage using ICT equipment.