Contingency Planning & Management

CPM Dictionary: T

T1, T3: Digital circuits (North America) that use TDM (time division multiplexing); T1 = 1.544 Mbps, T3 = 45M bps. See also E1, E3

Table Top Exercise: Technique for rehearsing emergency teams in which participants review and discuss the actions they would take according to their plans, but do not perform any of these actions; can be conducted with a single team, or multiple teams, typically under the guidance of exercise facilitators

Tactical Control: Actions established to provide and coordinate action plans that deal with emergency events and/or implement policy and strategy of the strategic level of control; also determines priority in allocation of resources in the coordination of plan implementation. See also Level 2 Control, Silver Control

Tactical Direction: Instructions and procedures given by field level Operations Section Chief which include tactics appropriate for the selected strategy, selection and assignment of resources, tactics implementation, and performance monitoring and measurement for each operational period

Tamper: Deliberately alter a system's logic, data, or control information that causes the system to perform unauthorized functions or services

Tanks: Stationary storage tanks, portable tanks, rail tank cars and highway cargo tanks; does not include smaller containers, such as cylinders

Tarpit: Term describing ways to delay and disrupt unwanted behavior; example: mail transfer agent used SMTP continuation lines to hold a mail connection open for long periods of time so as to disrupt spamming; also describes throttling the number of connections a computer can make to reduce the spread of worms

Task Force: Combination of single resources assembled for a particular tactical need, with common communications and a leader; group of resources with common communications and a leader temporarily assembled for a specific mission. See Incident Command System

Task List: Defined mandatory and discretionary tasks allocated to teams and/or individual roles within a plan

Tape Backup: Process of storing critical data onto magnetic tapes at a given point in time

TCP Fingerprinting: Method used to identify remote operating systems by using odd packet header combinations

TCP Full Open Scan: Process used to check each port by performing a full three-way handshake on each port to determine if it was open

TCP Half Open Scan: Process used to scan work by performing the first half of a three-way handshake to determine if a port is open

TCP Wrapper: Software package that can be used to restrict access to certain network services based on the connection source; can be used to monitor and control incoming network traffic

TCP/IP: Primary communication language or protocol of the Internet; synonymous for "Internet Protocol Suite" in which the Transmission Control Protocol and Internet Protocol are key elements; can be used as a communications protocol in a private network (intranet or extranet)

TCPDump: Freeware Unix protocol analyzer that can monitor network traffic on a wire

TCSEC: See also DoD Trusted Computer System Evaluation Criteria

Team: See also Single Resource

Technical Attack: Invoked by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users. See also Social Engineering

Technical Control: See also Controls

Technical Description: Describes the specific details of an infection, such as registry entry modifications and files that are manipulated by the virus

Technical Specialists: Personnel with special skills who are activated only when needed

Technical Vulnerability: Flaws or weaknesses in hardware, firmware, software or communications that leave a computer processing system open for potential exploitation, either externally or internally, thereby resulting in risk for the system owner, user, or manager

Technological Disasters: Situations where large numbers of people, property, infrastructure, or economic activity are directly and adversely affected by major industrial accidents, severe pollution incidents, nuclear accidents, air crashes (in populated areas), major fires, or explosions Technological Hazard: a) Hazards emanating from the manufacture, transportation, storage, use, and disposal of such substances as radioactive materials, chemical, explosives, flammables to include liquid propane gas and liquid nitrogen gas, agricultural pesticides, herbicides, and disease agents; b) oil spills on land, coastal waters, or inland water systems; c) debris from space. See also Manmade Disaster

Technology Recovery Planning: Actions associated with planning for and writing procedures to address recovery of IT and telecommunications components associated with mission critical activities and/or their dependencies. See also Information Technology Disaster Recovery (ITDR)

Telecommunications: Communications over a distance using voice, data, text, video, radio, and television

Telephony Application Programming Interface (TAPI): Software developed by Microsoft that connects Windows operating systems to telephony services; TAPI automatically detects and configures communication hardware, such as modems, when installed on a computer

Telnet: TCP-based, application-layer, Internet standard protocol for remote login from one host to another

TEMPEST: Study and control of spurious electronic signals emitted by electrical equipment, particularly in regard to the use of those emissions as a covert channel

Template: File containing a Microsoft Word macro; usually named with a .DOT extension; .DOC files infected with macro viruses are templates, not documents

Terminal Access Controller Access Control System (TACACS): UDP-based authentication and access control protocol (RFC 1492) where a network access server receives an identifier and password from a remote terminal and passes them to a separate authentication server for verification; uses centralized authentication servers and serves not only network access servers but also routers and other networked computing devices

Terminal Disinfection: See Disinfection

Terminal Identification: Means used to uniquely identify a terminal to a system

Terminal Services: Microsoft technology that lets users remotely execute Windows-based applications on a terminal server; server transfers only user interface, keystrokes, and mouse movements between server and client

Terrorism: Calculated use of violence or the threat of violence to attain goals that are political, religious, or ideological in nature; can be done through intimidation, coercion, or instilling fear; includes a criminal act against persons or property that is intended to influence an audience beyond the immediate victims

Test: Activity performed to evaluate effectiveness or capabilities of a plan relative to specified objectives or measurement criteria; examples: Desk Check, Tabletop Exercise, Peer Review, Structured Walkthrough, Standalone Test, Integrated Test, and Operational Test; differs from an exercise in that a test often occurs at an alternate site while an exercise is generally a simulation. See also Exercise

Test Plan: Document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation

Test Script: Detailed description of tasks that will be analyzed while conducting a test; details the scope of the test and defines the success criteria

Third-Party Provider/ Supplier: External provider of services, goods and solutions. See also Sourcing, Outsourcing, Supplier

Threat: Potential violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm; examples:

• Hoax: E-mail that gets delivered in chain letter fashion describing a devastating, highly unlikely type of virus; identified by lack of file attachment, no reference to a third party who can validate the claim, and by general tone of message
• Joke: Harmless program that causes various benign activities to display on computer (new screen saver)
• Trojan Horse: Program that neither replicates nor copies itself, but causes damage or compromises the security of the computer
• Virus: Program or code that replicates itself in another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium
• Worm: Program that makes copies of itself or copies and distributes itself using e-mail or another transport mechanism

Threat Agent: Method used to exploit vulnerabilities in systems, operations, or facilities, or an entity generating such an exploit

Threat Analysis: Examination of all actions and events that might adversely affect a system or operation

Threat Assessment: Identification of threat types to which an organization might be exposed

Threat Containment: Measure of how well current antivirus technology can keep threats from spreading; measure levels include easy (threat is well-contained), moderate (threat is partially contained), and difficult (threat is currently uncontainable)

Threat Measure: Quantitative measurement of a threat; measurement criteria include physical access, electronic access, capability, motivation, and occurrence

Threat Model: Used to describe a given threat and the harm it could to do a system if it has vulnerabilities

Threat Monitoring: Analysis, assessment, and review of audit trails and other data collected for the purpose of searching out system events that may constitute violations or attempted violations of system security. See also Intrusion Detection System

Threat Safeguard: Process, procedure, technique, or feature that deters one or more threats to a network, by reducing risks linked to a system's threat measure

Threat Vector: Method used by a threat to reach its target

Threatened Epidemic: Describes situation where occurrence of a specific disease may be reasonably anticipated; requires a) susceptible human population; b) presence or impending introduction of a disease agent; and c) presence of a mechanism such that large-scale transmission is possible (such as a contaminated water supply). See also Epidemic, Disease

Three Pillars: Basic components of security are confidentiality, integrity, and availability

Threshold: Number of events needed to satisfy certain criteria; can be used to determine how notifications are to be delivered

Thunderstorm/Tornado Warning: Issued when tornadoes and severe thunderstorms are imminent

Thunderstorm/Tornado Watch: Issued when conditions are favorable for both tornadoes and severe thunderstorms

Ticket-Oriented: Computer protection system where each subject maintains a list of unforgeable bit patterns, called tickets; a ticket is needed for each object the subject is authorized to access; compare with list-oriented

Time Bomb: Logic bomb that triggers on a time event

Time Dependent Password: Valid only at a certain time of day or during a specified interval of time

Time Stamp of Attachment: Indicates the date and time of a file attachment

Time to Live: Value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded

Time Unit: Functional unit within ICS Finance/Administration Section responsible for recording time for incident or emergency personnel and hired equipment

Timeliness: Amount of time needed to disseminate information or surveillance to those who need it

Timeout: Predetermined period of time during which a given task must be completed; if timeout value is reached before or during task execution, the task is canceled

Tiny Fragment Attack: Recognizing the many IP implementations possible unusually small fragment sizes can be imposed on outgoing packets; if fragment size is small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match; if filtering implementation does not enforce a minimum fragment size, a disallowed packet might pass through because it didn't hit a match in the filter

Token: Authentication tool, a device utilized to hold key or authentication values, or calculate, and possibly send and receive, responses to challenges during the user authentication process; can be small, hand-held hardware devices similar to pocket calculators or credit cards

Token-Based Access Control: Associates a list of objects and their privileges with users; contrast with list-based

Token-Based Devices: Triggered by the time of day, and typically every minute the password changes; this requires users to have tokens with them when they log in

Token Ring: Type of local area network topology in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used to prevent collision of data between two computers that want to send messages at the same time; whatever device has the token can transmit, while other devices must wait

Tolerance Threshold: Maximum time period during which a business or government agency can afford to be without a mission critical activity and/or its dependencies. See also Mission Critical Activities

Top-Down: Command function established by the first officer on the scene; this officer becomes the incident commander until superseded by someone else. See Incident Command System

Top-Level Specification: Non-procedural description of system behavior at the most abstract level; typically, a functional specification that omits all implementation details

Topology: Geometric arrangement of a computer system; typical topologies include bus, star, and ring; the physical (real) and logical (virtual) arrangements of network elements may differ according to the network topology; may also differ in physical interconnections, distances between nodes, transmission rates, and/or signal types

Tornado: Local atmospheric storm, generally of short duration, formed by winds rotating at very high speeds usually in a counterclockwise direction; the vortex, typically several hundred yards wide, is visible to the observer as a whirlpool-like column of winds rotating around a hollow cavity or funnel; can have winds in excess of 300 miles per hour; very destructive storms

Toxicological Disaster: Serious environmental pollutant that causes illness by a massive, accidental escape of toxic substances into the air, soil or water. See also Disaster

Toxin: Substance capable of causing a harmful effect

Toxin Agents: Poisonous by-products of living organisms used to cause disease, illness or death in susceptible individuals

TPE (Trident Polymorphic Engine): Type of "mutation engine" function but performed by a different group

Traceroute (tracert.exe): Tool the maps route a packet takes from local machine to a remote destination

Traffic Analysis: Inference of information from observable characteristics of data flow(s), even when data is encrypted or otherwise not directly available; includes identities and locations of the source(s) and destination(s), and the presence, amount, frequency, and duration of occurrence

Traffic Padding: Generation of spurious instances of communication, spurious data units, and/or spurious data within data units, intended to defeat traffic analysis

Tranquility: Security model rule stating that security level of an object cannot change while object is being processed by a system

Transmission Control Protocol (TCP): Set of rules used along with Internet Protocol to send data in the form of message units between computers over the Internet; IP manages data delivery, while TCP keeps track of individual packets; TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent

Transmission, Indirect: See Indirect Transmission

Transmission of Infection: Movement of infectious agents, such that an infectious agent can be spread from a source or reservoir to another person; a) direct transmission is the immediate transfer of infectious agents to a receptive portal of entry through which human or animal infection may take place; may be through touching, kissing, biting, or sexual intercourse, or by direct projection (droplet spread) of droplet spray onto the conjunctiva or mucous membranes of eyes, nose, or mouth; b) indirect transmission occurs by vector or air, in which the latter is subdivided into droplets or dust

Transport Layer Security (TLS): Protocol that ensures privacy between communicating applications and their users on the Internet; ensures that no third party may eavesdrop or tamper with any message; successor to Secure Sockets Layer

Transportation to Definitive Medical Care: Vehicle options for moving patients; ambulances are vehicle of choice for most medical transports, but helicopters, boats, and snow cats can be used; can provide uninterrupted medical support while in transit

Trap Door: See also Back Door

Trauma Counseling: Provision of assistance to staff, customers and others who have suffered mental or physical injury through being involved in a disaster event. See also Post Traumatic Stress Disorder and Trauma Management

Trauma Management: Activities and services that help employees deal with trauma in a systematic way following a disaster through the delivery of appropriate support systems and coping strategies with the objective of restoring employees psychological well being. See also Trauma Counseling, Post Traumatic Stress Disorder

Traumatic Stress: While not clearly defined, includes events and circumstances that are both extreme and outside the realm of everyday experiences (e.g., events that are dangerous, overwhelming, and sudden marked by their extreme or sudden force, typically causing fear, anxiety, withdrawal, and avoidance); also considered to have high intensity, are unexpected, infrequent, and vary in duration from acute to chronic. See also Stress

Treatment Technique (TT): Enforceable procedure or level of technological performance that public water systems must follow to ensure control of a water contaminant; absent a reliable method that is economically and technically feasible to measure contaminants at particularly low concentrations, treatment technique (TT) is set rather than a maximum contaminant level (MCL). See also Maximum Contaminant Level; Disinfection

Triage: Select and categorize victims of a disaster for appropriate medical treatment according to the degree of severity of illness or injury as well as for the availability of medical and transport facilities

Trigger: Identifies the event, or code waiting for an event, that stimulates the activity of the payload, such as a virus or worm; may also refer to the event or code that causes reproduction or replication of the virus

Triple DES: Block cipher, based on the Data Encryption Standard, that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits

Triple-Wrapped: Data that has been signed with a digital signature, then encrypted, and then signed again

Trojan Horse: Computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate system authorizations

Trojanize: Modify an existing program to include an unwanted or negative payload

Tropical Depression: Cyclone occurring in the tropics that has rotary circulation at water level; maximum sustained wind speeds are above 38 miles per hour, but less than 74 miles per hour; considered the third phase in the development of a hurricane

Tropical Disturbance: Tropical cyclone which maintains its identity for at least 24 hours and is marked by moving thunderstorms and with slight or no rotary circulation at water level; winds are not strong; first stage in the development of a hurricane

Tropical Storm: Cyclone occurring in the tropics that has rotary circulation at water level; maximum sustained wind speeds are from 39-73 mph

Tropical Storm Warning: May be issued when winds of 39-73 mph are expected; if a hurricane is expected, tropical storm warnings may not be issued

Trunking: Connecting switches together so that they can share VLAN information between them

Trust: Determine permissions and actions other systems or users can perform on remote machines

Trusted Computer System Evaluation Criteria: See also DoD Trusted Computer System Evaluation Criteria

Trusted Computer System: Employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information

Trusted Computing Base (TCB): Total environment of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing security policies; consists of one or more components that together enforce a unified security policy over a product or system

Trusted Distribution: Trusted method for distributing TCB hardware, software, and firmware components, both originals and updates, that protects TCB from modification during distribution and detects any TCB changes

Trusted Identification Forwarding: Identification method used in networks whereby sending host can verify that an authorized user on its system is attempting a connection to another host; sending host transmits required user authentication information to receiving host; receiving host then verifies that user is validated for access to its system. See also Single Sign-On, Kerberos

Trusted Path: Mechanism by which a person at a terminal can communicate directly with the TCB; can only be activated by the person or TCB and cannot be imitated by untrusted software

Trusted Ports: Defined as ports below number 1024 that can be opened by the root user

Trusted Process: Situation where incorrect or malicious execution can violate system security policy

Trusted Software: Software portion of the TCB

TSR: "Terminate and Stay Resident." See also Resident

Tsunami: Very large sea wave produced by submarine earth movement or volcanic eruption; waves can reach a height of 80 feet and can devastate coastal cities and low-lying coastal areas

Tunnel: Communications channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one; considered a logical point-to-point link (OSI Layer 2 connection) created by encapsulating Layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol; can move data between computers that use a protocol not supported by the network connecting them

Tunneling: Techniques that involve tracing of system interrupts to final programming; used by both viral and antiviral programs to detect or disable opposing programs

Tunneling Router: Device capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption

Two-Factor Authentication: Data verification using at least two of the three methods: a) something a user knows, b) something a user is, or c) something a user has

Type: Refers to resource capability; Type 1 resource provides a greater overall capability due to power, size, capacity, etc., than in a Type 2 resource; can help managers select the best resource for a task Typhoon: Name given to hurricanes in the western Pacific Ocean (west of 180 degrees longitude)