107: Cyber Security Flashcards
107.1a
Define IA
Information Assurance (IA)
measures that protect & defend information/information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation
107.1b
Define DCO
Defense Cyberspace Operations (DCO)
operations intended to preserve the ability to utilize friendly cyberspace capabilities
107.1c
Define OCO
Offensive Cyberspace Operations (OCO)
operations intended to project power in and through cyberspace
107.2a
Define Certification
the authorization to operate Information Systems (IS)
107.2b
Define Accreditation
process in which certification of competency, authority, and credibility is presented
107.2c
Define DAA
Designated Approving Authority (DAA)
responsible for authorizing a system’s operation based on an acceptable risk posture
is now called Navy Authorizing Official (NOA)
107.2d
Define System Security Plan
prepared formal document that describes the security controls in place or planned
107.2e
Define ATO
Authority To Operate (ATO)
official management decision to operate an Information System (IS)
may be issued for up to 3 years
107.2f
Define IATO
Interim Authority to Operate (IATO)
limited authorization to operate under specific terms and conditions
107.2g
Define Configuration Management
management of all changes to an information system during its lifecycle
107.3
Discuss the security procedures involved when performing cross-domain transfers
- maintain life-cycle security management
- appoint in writing individual(s) to oversee day-to-day security management & processes
- report security incidents to the local Information Assurance Manager
107.4
Discuss risk management
the process that balances operational and economic costs of protective measures to achieve mission capability
effective risk management reduces risk assumed by all systems to an acceptable level for operational use
107.5a
Describe the confidentiality attribute of cybersecurity
assurance of no unauthorized disclosure of information
107.5b
Describe the integrity attribute of cybersecurity
protection against unauthorized modification or destruction of information
107.5c
Describe the availability attribute of cybersecurity
timely, reliable access to data and information systems for authorized users
107.5d
Describe the Non-repudiation attribute of cybersecurity
proof of data delivery & proof of sender’s identity
107.5e
Describe the Authentication attribute of cybersecurity
assurance of user identity & established validity of a transmission
107.6
List and define 9 categories of computer incidents
1- Root Level Intrusion: unauthorized privileged access
2- User Level Intrusion: unauthorized non-privileged access
3- Denial of Service: disrupts normal functionality
4- Malicious Logic: installation of software by adversaries with malicious intentions
5- Unsuccessful Activity Attempt: deliberate attempts to gain unauthorized access
6- Non-Compliance Activity: increased risk as a result of action/inaction of authorized users
7- Reconnaissance: information gathering to characterize DoD systems
8- Investigating: potentially malicious or anomalous activity deemed suspicious
9- Explained Anomaly: suspicious events that are later determined to be non-malicious
107.7
Describe the DoN World Wide Web Security Policy
- all DoN websites must have a clearly articulated purpose
- may only contain unclassified material that is approved for public release
107.8a
Define IAVA
Information Assurance Vulnerability Alert (IAVA)
alert that addresses severe network vulnerabilities & corrective actions
107.8b
Define IAVB
Information Assurance Vulnerability Bulletin (IAVB)
addresses new vulnerabilities that do not pose immediate risk
107.8c
Define CTO
Communications Tasking Order (CTO)
promulgates mandatory changes in standing instructions on how communications are handled
107.8d
Define NTD
Navy Telecommunications Directive (NTD)
order or direction about a certain IT function that needs to be complied with
107.8e
Define NIA/NIB/OIA/OIB
(Service Pack)
a collection of updates to a software program delivered as a single installable package
107.8f
Define Patch
a fix for a vulnerability or an operational enhancement
107.9
Define vulnerability assessment
an examination of a system’s ability to withstand assault
107.10
Explain the difference between vulnerability and threat
a vulnerability is a weakness; a threat is a possible exploiter of a weakness
107.11
State the duties and responsibilities of the ISSM and ISSO
Information System Security Manager & Officer
Manager: principal advisor on all matters involving IS security
Officer: Supports the ISSM and manages IS configurations
** NIOC Pacific Feb2025 ISSO - Chief Johnson
107.12
Explain CSWF Specialty Codes and responsibilities
Cyber Security Workforce
found on TWMMS; identifies specialties the service member is trained for
ex: 21 for digital forensics; 72 for ISSO
107.13
Discuss the role and responsibilities of Navy Red and Blue teams
Navy Red does penetration testing of systems and networks to find vulnerabilities (increases offense)
Navy Blue does system hardening of systems and networks (increases defense)
107.14
Define CCRI and NAVIFOR’s role during the process
NAVIFOR coordinates with the command receiving a Command Cyber Operational Readiness Inspection, which is a graded event by FLTCYBERCOM to evaluate the overall security of the command
107.15
Explain what constitutes PII and the importance of safeguarding
Personally Identifiable Information
any information that could potentially identify a specific person
107.16
Explain why the US Navy only uses “.mil” email addresses on government systems
because the US DoD has exclusive use of this domain