CISSP – Glossary Term T

CISSP LogoThis is my personal glossary about my preparation for obtain CISSP Certification and understand all Security keywords.  Here all keywords  beginning by letter T.

 

 

T

Take-Grant Model: A security model that specifies the rights that a subject can transfer to or from another subject or object.

Teardrop attack: A type of stack overflow attack that exploits vulnerabilities in the Internet Protocol IP.

Technical (or logical) controls: Hardware and software technology used ti implement access control.

Telnet: A network protocol used to establish a command line interface o, another system over a network.

Terminal Access Controller Access Control System (TACAS): A User Datagram Protocol (UDP)-based access control protocol that provides authentication, authorization, and accounting.

Threat: Any natural  or man-made circumstance or event that can have an adverse or undesirable impact, whether minor or major, on an organizational asset.

Threat modeling: A systematic process used to identify likely threats vulnerabilities, and countermeasures for a specific application and its uses during the design phase of the application (or software) development life Cycle (SDLC).

Three-way handshake: The method used to establish and tear down network connections in the Transmission Control Protocol (TCP).

Token: A hardware device used in two-factor authentication.

Token-Ring: A star topology network transport protocol (IBM).

trade Secret: Proprietary or business-related information that a company or individual uses and has exclusive rights to.

Trademark: As defined by the U.S. Patent and Trademark Office (PTO), a Trademark is “any word name, symbol, or device, or any combination, used or intended to be used in commerce to identify and distinguish the good of one manufacturer or seller from goods manufactured or sold by others”.

Traffic analysis: A method to attack in which an attacker observes network traffic patterns in order to make deductions about network utilization, architecture, behavior, or other discernable characteristics.

Transient: A momentary electrical linenoise disturbance.

Transmission Control Protocol (TCP): A connection-oriented network protocol provides reliable delivery of packets over a network.

Transposition cipher: Cipher that rearrange bits, characters, or characters blocks in plaintext to produce ciphertext.

Trap door: A feature within a program that perform an undocumented function (usually a security bypass, such as an elevation privilege).

Trojan Horse: A program that purports to perform a given function, but which actually performs some other (usually malicious) function.

Trusted Computer System: A system that employs all necessary hardware and software assurance measures and meets the specified requirements for reliability and security.

Trusted Computer Systems Evaluation Criteria (TCSEC): Commonly know as the Orange book. Formal systems evaluation criteria developed for the U.S.S Department of Defense  by The National Computer Security Center (NCSC)as part of rainbow series.

Trusted Computing Base (TCB): The total combination of protection, mechanisms within computer system, including hardware, firmware and software, that are responsible for enforcing Security Policy.

Trusted Network Interpretation (TNI): `commonly know as the red book (of Rainbow series). Addresses confidentiality and integrity in trusted computer/communication network systems.

Trusted path: A direct communication path between the user and the trusted computing base (TCB) that doesn’t require interaction with untrusted applications or operating system layers.

Trusted recovery: Safeguard to prevent the disclosure of information during the recovery of a system after a failure.

Two-factor authentification: An authentication method that requires tow ways of establishing identity.