T-GLOSSARY Flashcards
Threat
Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. A potential cause of an unwanted incident. (ISO/IEC 13335).
Threat agent
Methods and things used to exploit a vulnerability. Examples include determination, capability, motive and resources.
Threat analysis
An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against information assets. The threat analysis usually also defines the level of threat and the likelihood of it materializing.
Threat assessment
The identification of types of threats to which an organization might be exposed.
Threat event
Any event where a threat element/actor acts against an asset in a manner that has the potential to directly result in harm
Threat model
Used to describe a given threat and the harm it could do to a system if it has a vulnerability
Threat vector
The method a threat uses to exploit the target
Token
A device that is used to authenticate a user, typically in addition to a user name and password.
A token is usually a device that displays a pseudo-random number that changes every few minutes.
Total cost of ownership (TCO)
Includes the original cost of the computer plus the cost of: software, hardware and software upgrades, maintenance, technical support, training, and certain activities performed by users
Transmission Control Protocol (TCP)
A connection-based Internet protocol that supports reliable data transfer connections
Scope Notes:
Packet data are verified using checksums and re-transmitted if they are missing or corrupted. The application plays no part in validating the transfer.
Trusted system
A system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information
Tunneling
Commonly used to bridge between incompatible hosts/routers or to provide encryption; a method by which one network protocol encapsulates another protocol within itself
Two-factor authentication
The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password); typically the combination of something you know, are or have
Uniform resource locator (URL)
The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use; the second part specifies the IP address or the domain name where the resource is located (e.g., http://www.isaca.org).