T-GLOSSARY Flashcards Preview

Flashcards in T-GLOSSARY Deck (15)
1

Threat

Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. A potential cause of an unwanted incident. (ISO/IEC 13335).

2

Threat agent

Methods and things used to exploit a vulnerability. Examples include determination, capability, motive and resources.

3

Threat analysis

An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against information assets. The threat analysis usually also defines the level of threat and the likelihood of it materializing.

4

Threat assessment

The identification of types of threats to which an organization might be exposed.

5

Threat event

Any event where a threat element/actor acts against an asset in a manner that has the potential to directly result in harm

6

Threat model

Used to describe a given threat and the harm it could do to a system if it has a vulnerability

7

Threat vector

The method a threat uses to exploit the target

8

Token

A device that is used to authenticate a user, typically in addition to a user name and password.
A token is usually a device that displays a pseudo-random number that changes every few minutes.

9

Total cost of ownership (TCO)

Includes the original cost of the computer plus the cost of: software, hardware and software upgrades, maintenance, technical support, training, and certain activities performed by users

10

Transmission Control Protocol (TCP)

A connection-based Internet protocol that supports reliable data transfer connections

11

Scope Notes:

Packet data are verified using checksums and re-transmitted if they are missing or corrupted. The application plays no part in validating the transfer.

12

Trusted system

A system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information

13

Tunneling

Commonly used to bridge between incompatible hosts/routers or to provide encryption; a method by which one network protocol encapsulates another protocol within itself

14

Two-factor authentication

The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password); typically the combination of something you know, are or have

15

Uniform resource locator (URL)

The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use; the second part specifies the IP address or the domain name where the resource is located (e.g., http://www.isaca.org).