107: Cyber Security Flashcards
107.1a
Define IA
Information Assurance (IA)
measures that protect & defend information/information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation
107.1b
Define DCO
Defense Cyberspace Operations (DCO)
operations intended to preserve the ability to utilize friendly cyberspace capabilities
107.1c
Define OCO
Offensive Cyberspace Operations (OCO)
operations intended to project power in and through cyberspace
107.2a
Define Certification
the authorization to operate Information Systems (IS)
107.2b
Define Accreditation
process in which certification of competency, authority, and credibility is presented
107.2c
Define DAA
Designated Approving Authority (DAA)
responsible for authorizing a system’s operation based on an acceptable risk posture
is now called Navy Authorizing Official (NAO)
107.2d
Define System Security Plan
prepared formal document that describes the security controls in place or planned
107.2e
Define ATO
Authority To Operate (ATO)
official management decision to operate an Information System (IS)
may be issued for up to 3 years
107.2f
Define IATO
Interim Authority to Operate (IATO)
limited authorization to operate under specific terms and conditions
107.2g
Define Configuration Management
management of all changes to an information system during its lifecycle
107.3
Discuss the security procedures involved when performing cross-domain transfers
- maintain life-cycle security management
- appoint in writing individual(s) to oversee day-to-day security management & processes
- report security incidents to the local Information Assurance Manager
107.4
Discuss risk management
the process that balances operational and economic costs of protective measures to achieve mission capability
effective risk management reduces risk assumed by all systems to an acceptable level for operational use
107.5
Describe the 5 attributes of cybersecurity
a. Confidentiality: assurance of no unauthorized disclosure of information
b. Integrity: protection against unauthorized modification or destruction of information
c. Availability: timely, reliable access to data and information systems for authorized users
d. Non-repudiation: proof of data delivery & proof of sender’s identity
e. Authentication: assurance of user identity & established validity of a transmission
107.6
List and define 9 categories of computer incidents
1- Root Level Intrusion: unauthorized privileged access
2- User Level Intrusion: unauthorized non-privileged access
3- Denial of Service: disrupts normal functionality
4- Malicious Logic: installation of software by adversaries with malicious intentions
5- Unsuccessful Activity Attempt: deliberate attempts to gain unauthorized access
6- Non-Compliance Activity: increased risk as a result of action/inaction of authorized users
7- Reconnaissance: information gathering to characterize DoD systems
8- Investigating: potentially malicious or anomalous activity deemed suspicious
9- Explained Anomaly: suspicious events that are later determined to be non-malicious
107.7
Describe the DoN World Wide Web Security Policy
- all DoN websites must have a clearly articulated purpose
- may only contain unclassified material that is approved for public release