Reading CISSP Practice in full

(1) It is a technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. (2) A high-level remote access architecture that provides a secure tunnel between a telework client device (a personal computer used by a remote worker) and a tunneling server through which application system traffic may pass. (3) A method of circumventing a firewall by hiding a message that would be rejected by the firewall inside a second, acceptable message.

Tunneling attack

An attack that attempts to exploit a weakness in a system at a level of abstraction lower than that used by the developer to design and/or test the system.

Tunneling router

A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual decryption and de-encapsulation.

Turnstiles

Turnstiles reduce everyday piggybacking or tailgating by forcing people to pass through one person at a time. Turnstiles are used in data centers and office buildings.

Twisted-pair wire

Twisted-pair wire is the most commonly used medium. Its application is limited to a single building or a few buildings, and it is used for lower-performance systems.

Two-factor authentication

A type of authentication that requires two independent methods to establish identity and authorization to perform security services. The three most recognized factors are (1) something you are (e.g., biometrics), (2) something you know (e.g., password), and (3) something you have (e.g., smart card).

Two-part code

It is a code consisting of an encoding section (first part) arranged in alphabetical or numeric order and a decoding section (second part) arranged in a separate alphabetical or numeric order.

Two-person control

Continuous surveillance and monitoring of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed and each familiar with established security and safety requirements.

Two-person integrity

System of storage and handling designed to prohibit individual access by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed.

Type I and II reports

The Statement on Auditing Standards 70 (SAS 70) of the American Institute of Certified Public Accountants (AICPA) prescribes Type I and Type II attestation reports for its clients after the auditors’ review of the client’s information systems. The SAS 70 is applicable to service organizations (software companies) that develop, provide, and maintain software used by user organizations (that is, user clients and customers). The Type I report states that information systems at the service organizations for processing user transactions are suitably designed with internal controls to achieve the related control objectives. The Type II report states that internal controls at the service organizations are properly designed and operating effectively. The Type I and the Type II reports are an essential part of the ISO/IEC 27001 dealing with information technology, security techniques, and information security management systems requirements.

Types of evidence

The types of evidence required to be admissible in a court of law to prove the truth or falsity of a given fact include the best evidence rule (primary evidence that is natural and in writing), oral testimony from a witness (secondary and direct evidence), physical evidence (tools and equipment), circumstantial evidence based on logical inference (introduction of a defendant's fingerprint or DNA sample), corroborative evidence (oral evidence consistent with a written document), authentication of records and their contents, demonstrative evidence (charts and models), and documentary evidence such as business records produced in the regular course of business (purchase orders and sales orders).

U

UMTS subscriber identity module (USIM)

A module similar to the SIM in GSM/GPRS networks, but with additional capabilities suited to third-generation networks.

Unauthorized access

A person gains logical or physical access without permission to a network, system, application, data, or other IT resource.

Uncertainty

The probability of experiencing a loss as a consequence of a threat event. A risk event that is an identifiable uncertainty is termed a known unknown.

Unclassified information
