Reading CISSP Practice in full

Test plan

A plan that details the specific tests and procedures to be followed when testing software.

Test procedure

Detailed instructions for the setup, execution, and evaluation of results for a given test case.

Testability

Effort required for testing a computer program to ensure it performs its intended function.

Test-word

A string of characters (a test-word) is appended by a sending institution to a transaction sent over unprotected telex/telegraph networks. The receiving institution repeats the same process using the received transaction data, and is thereby able to verify the integrity of the transaction. A test-word is an early-technology realization of a seal.

Thick client

In a client/server system, a thick client is a software application that requires programs other than just the browser on a user’s computer, that is, it requires code on both client and server computers (e.g., Microsoft Outlook). The terms “thin” and “thick” refer to the amount of code that must be run on the client computer. Thick clients are generally less secure than thin clients in the way encryption keys are handled.

Thin client

In a client/server system, a thin client is a software application that requires nothing more than a browser and can be run only on the user’s computer (e.g., Microsoft Word). The terms “thin” and “thick” refer to the amount of code that must be run on the client computer. Thin clients are generally more secure than thick clients in the way encryption keys are handled.

Thrashing

A situation that occurs when paging on a virtual memory system is so frequent that little time is left for useful work.

Thread testing

It examines the execution time behavior of computer programs. A thread can be a sequence of programmer statements (source code) or machine instructions (object code). Petri nets can be used to analyze thread interactions. In the finite-state-machine (FSM) model, program paths are converted to threads.

Threat

An entity or event with the potential to harm a system. Threats are possible dangers to a computer system, which may result in the interception, alteration, obstruction, or destruction of computing resources, or in some other way disrupt the system. It is any circumstance or event with the potential to adversely impact organization operations (including mission, functions, image or reputation), organizational assets, individuals, and other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Threat is the potential for a threat-source to successfully exploit a particular information system’s vulnerability. It is an activity (deliberate or unintentional) with the potential for causing harm to an automated information system and a potential violation of system security. Threats arise from internal system failures, human errors, attacks, and natural catastrophes. Threats can be viewed in terms of categories and classes, as shown in the following table:

Categories | Classes
Human categories | Intentional or unintentional
Environmental categories | Natural or man-made (fabricated)

Threat agent/source

The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. It is a method used to exploit a vulnerability in a system, operation, or facility.

Threat analysis

The examination of threat-sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. A threat is a threat-source and vulnerability pair, which can be analyzed in parallel. However, threat analysis cannot be performed until after vulnerability analysis has been conducted because vulnerabilities lead to threats, which, in turn, lead to risks.

Threat assessment

A process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.

Threat event

A catastrophic occurrence. Examples include fire, flood, power outage, and hardware/software failures.

Threat monitoring

The analysis, assessment, and review of audit trails and other data collected to search out system events that may constitute violations or attempted violations of system security.

Threat-source/agent

The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. It is a method used to exploit a vulnerability in a system, operation, or facility.

Threshold

A value that sets the limit between normal and abnormal behavior.

Ticket-oriented protection system
