tabletop exercise - A type of exercise in which participants respond to notional events to test out procedures and ensure they actually do what they're intended to and that everyone knows their role in responding to the events.
TACACS - (Terminal Access Controller Access Control System) - A client/server authentication protocol that provides the same type of functionality as RADIUS and is used as a central access control mechanism mainly for remote users.
tactical goals - Midterm goals to accomplish. These may be milestones to accomplish within a project or specific projects to accomplish in a year. Strategic, tactical, and operational goals make up a planning horizon.
TCB - (Trusted Computing Base) - All of the protection mechanisms within a computer system (software, hardware, and firmware) that are responsible for enforcing a security policy.
TCP - (Transmission Control Protocol) - Provides connection-oriented data management and reliable data transfer through the use of a three-way handshake to establish connections and sequence and acknowledgement numbers for error detection and correction.
TCP/IP Model - (Transmission Control Protocol/Internet Protocol) - Layering model structured into four layers (network interface layer, internet layer, transport layer, host-to-host transport layer, application layer).
teardrop attack - Exploits the reassembly of fragmented IP packets via the fragment offset field, which indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet.
technical controls - These controls, also called logical access control mechanisms, work in software to provide availability, integrity, or confidentiality protection. Some examples are passwords, identification and authentication methods, security devices, auditing, and the configuration of the network.
Tempest - The study and control of spurious electronic signals emitted by electrical equipment. Tempest equipment is implemented to prevent intruders from picking up information through the airwaves with listening devices.
Terminal Access Controller Access Control System - A client/server authentication protocol that provides the same type of functionality as RADIUS and is used as a central access control mechanism mainly for remote users.
threat - Any potential danger that a vulnerability will be exploited by a threat agent.
threat modeling - A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
time multiplexing - Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.
time of check time of use - An attack that takes advantage of the dependency on the timing of events that take place in a multitasking operating system.
TOC TOU - (Time Of Check Time Of Use) - An attack that takes advantage of the dependency on the timing of events that take place in a multitasking operating system.
top-down approach - An approach in which the initiation, support, and direction for a project come from top management and work their way down through middle management and then to staff members.
topology - The physical construction of how nodes are connected to form a network.
total risk - When a safeguard is not implemented, an organization is faced with the total risk of that particular vulnerability.
TPM - (Trusted Platform Module) - A secure crypto processor and storage module.
trademark - A legal right that protects a word, name, product shape, symbol, color, or a combination of these used to identify a product or a company.
transmission control protocol - Provides connection-oriented data management and reliable data transfer through the use of a three-way handshake to establish connections and sequence and acknowledgement numbers for error detection and correction.
transport control protocol/internet protocol model - Layering model structured into four layers (network interface layer, internet layer, transport layer, host-to-host transport layer, application layer).
transposition - The process of reordering the plaintext to hide the message by using the same letters or bits.
Trojan horse - A computer program that has an apparently or actually useful function, but that also contains hidden malicious capabilities to exploit a vulnerability and/or provide unauthorized access into a system.
trusted computer system - A system that has the necessary controls to ensure the security policy will not be compromised and that can process a range of sensitive or classified information simultaneously.
trusted computing base - All of the protection mechanisms within a computer system (software, hardware, and firmware) that are responsible for enforcing a security policy.
trusted path - A mechanism within the system that enables the user to communicate directly with the TCB. This mechanism can be activated only by the user or the TCB and not by an untrusted mechanism or process.
trusted platform module - A secure crypto processor and storage module.
trusted recovery - A set of procedures that restores a system and its data in a trusted manner after the system has been disrupted or a system failure has occurred.
TTX - (TableTop eXercise) - A type of exercise in which participants respond to notional events to test out procedures and ensure they actually do what they're intended to and that everyone knows their role in responding to the events.