TUWZ Flashcards
Threat agent
Methods and things used to exploit a vulnerability
Threat analysis
An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets
Threat event
Any event during which a threat element/actor acts against an asset in a manner that has the potential to directly result in harm
Threat vector
The path or route used by the adversary to gain access to the target
Threat
Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm
Token
In security systems, a physical device that is used to authenticate a user, typically in addition to a username and password; in programming languages, a single element of the language
Total cost of ownership (TCO)
Includes the original cost of the computer plus the cost of: software, hardware and software upgrades, maintenance, technical support, training, and certain activities performed by users.
Transmission Control Protocol (TCP)
A connection-based Internet protocol that supports reliable data transfer connections
Trusted system
A system that employs sufficient hardware and software assurance measures to allow their use for processing a range of sensitive or classified information.
Tunneling
Commonly used to bridge between incompatible hosts/routers or to provide encryption, a method by which one network protocol encapsulates another protocol within itself.
Two-factor authentication
The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password); typically the combination of something you know, are or have
Uniform resource locator (URL)
The string of characters that form a web address
Virtual private network (VPN)
A secure private network that uses the public telecommunications infrastructure to transmit data
Virus signature file
The file of virus patterns that are compared with existing files to determine whether they are infected with a virus or worm.
Virus signature
The file of virus patterns that are compared with existing files to determine whether they are infected with a virus or worm
Voice-over Internet Protocol (VoIP)
Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines
Vulnerability analysis
A process of identifying and classifying vulnerabilities
Vulnerability
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events
Warm site
Similar to a hot site but not fully equipped with all of the necessary hardware needed for recovery
Web hosting
The business of providing the equipment and services required to host and maintain files for one or more web sites and provide fast Internet connections to those sites.
Web server
End-point hardware or software that serves web pages to users
Wide area network (WAN)
A computer network connecting multiple offices or buildings over a larger area
Wi-Fi Protected Access II (WPA2)
Wireless security protocol that supports 802.11i encryption standards to provide greater security. This protocol uses Advanced Encryption Standards (AES) and Temporal Key Integrity Protocol (TKIP) for stronger encryption.
Worm
A programmed network attack in which a self-replicating program does not attach itself to programs, but rather spreads independently of users’ action
Write blocker
A device that allows the acquisition of information on a drive without creating the possibility of accidentally damaging the drive
Zero-day exploit
A vulnerability that is exploited before the software creator/vendor is even aware of its existence. May also refer to known flaws that do not have a patch available.
