Page 363

cations, telephony, or stored computer data by an unauthorized party. See exceptional access.

THREAT—the potential for exploitation of a vulnerability.

TOKEN—when used in the context of authentication, a (usually) physical device necessary for user identification.

TRAP AND TRACE—a device that identifies the telephone numbers from which calls have been placed to a target telephone number.

TROJAN HORSE—a computer program whose execution would result in undesired side effects, generally unanticipated by the user. A Trojan horse program may otherwise give the appearance of providing normal functionality.

TRUST—the concept that a system will provide its intended functionality with a stated level of confidence. The term is also used for other entities, e.g., trusted software, trusted network, trusted individual. Sometimes the confidence—also called the assurance—can be measured, but sometimes it is inferred on the basis of testing and other information.

TRUSTWORTHINESS—assurance that a system deserves to be trusted.


VULNERABILITY—a weakness in a system that can be exploited to violate the system's intended behavior. There may be vulnerabilities in security, integrity, availability, and other aspects. The act of exploiting a vulnerability represents a threat, which has an associated risk of being exploited.


WORK FACTOR—a measure of the difficulty of undertaking a brute-force test of all possible keys against a given ciphertext and known algorithm.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement