A | B | C | D | E | F | G | H | I | J | K | L | M |
N | O | P | Q | R | S | T | U

Tamper Resistant
In cryptographic terms, this usually refers to a hardware device that is either impossible or extremely difficult to reverse engineer or extract information from.

TCSEC
Trusted Computer System Evaluation Criteria (TCSEC). DoD 5200.28-STD, National Institute of Standards and Technology (NIST), Gaithersburg, MD., 1985. Establishes uniform security requirements, administrative controls, and technical measures to protect sensitive information processed by DoD computer systems. It provides a standard for security features in commercial products and gives a metric for evaluating the degree of trust that can be placed in computer systems for the securing of sensitive information. See also: C2, Orange Book

Test Condition
A statement defining a constraint that must be satisfied by the program under test

Test Data
The set of specific objects and variables that must be used to demonstrate that a program produces a set of given outcomes. See also: Disaster Recovery, Test program

Test Plan
A document or a section of a document which describes the test conditions, data, and coverage of a particular test or group of tests. See also: Disaster Recovery, Test Condition, Test Data, Test procedure (Script)

Test procedure (Script)
A set of steps necessary to carry out one or a group of tests. These include steps for test environment initialization, test execution, and result analysis. The test procedures are carried out by test operators

Test program
A program which implements the test conditions when initialized with the test data and which collects the results produced by the program being tested. See also: Disaster Recovery, Test Condition, Test Data, Test procedure (Script)

Threat
An event, process, activity (act), substance, or quality of being perpetuated by one or more threat agents, which, when realized, has an adverse effect on organization assets, resulting in losses attributed to:-Direct loss -Related direct loss -Delays or denials -Disclosure of sensitive information -Modification of programs or data bases -Intangible, i.e., good will, reputation, etc.

Threat Agent
Any person or thing, which acts, or has the power to act, to cause, carry, transmit, or support a threat. See also: Threat

Time Period
Required information on an X509 digital certificate which contains the issuance and expiration dates for which the issuer certifies the subject’s public key. The issuer must keep records on the subject until expiration.

Transport Layer Security (TLS)
The likely new standard for Secure Socket Layer (SSL) which provides secure key exchange between an Internet Browser and Internet Server. The TLS protocol based on SSL v3 was published by an Internet Engineering Task Force (IETF) working group in January 1999. Microsoft and Netscape both support TLS. The differences between SSL v3 and TLS version 1 are minor.

Transport Mode
One of two mode choices that controls how much of the data packet is protected by confidentiality and message integrity. Transport Mode encrypts less of the data packet than Tunnel Mode.

Transposition cipher
Enciphering techniques in which individual plaintext letters (or individual bits) change positions.

Trapdoor
A secret undocumented entry point into a computer program, used to grant access without normal methods of access authentication. See also: Malicious Code

Triple DES
Encrypting plaintext with DES three times, effectively lengthening the DES secret key to 3 * 56 =168 bits, which is more secure than both single and double DES.

Trojan Horse
A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security. See also: Malicious Code. Threat agen

Trust Networks
A PGP public key infrastructure (PKI) trust model in which each user creates and distributes his (her) own public key with a self-signed digital certificate. Rather than the centralized control of X.509’s (certificate authority) trust model, PGP uses a distributed trust (web-of-trust) model.

Trusted Computer Base (TCB)
The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a security policy over a product or system. See also: C2, TCSEC, Orange Book

Trusted Computing System
A computer and operating system that employs sufficient hardware and software integrity measures to allow its use for simultaneously processing a range of sensitive information and can be verified to implement a given security policy

Trusted Third Party (TTP)
An intermediary who shares secret keys with others who don’t have a means to communicate with each other securely. Encrypted communications are funneled through the trusted third party to ensure confidentiality. This model for secure communications is sometimes called the military model because the troops must communicate through a superior ranking solider, the Trusted Third Party.

Tunnel Mode
One of two mode choices in Internet Protocol Security (IPsec) that controls how much of the data packet is protected by confidentiality and message integrity. Tunnel mode encrypts more of the data packet than transport mode. Gateway computers use IPsec in tunnel mode to hide the addresses of internal computers from the outside world.