107 Cyber Security Flashcards
Define IA
Information Assurance- are measures that protect and defend information systems
Define DCO
Defensive cyber operations- passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace
Define OCO
Offensive Cyberspace Operations- cyberspace operations intended to project power by force through cyberspace
Certification
evaluation of the security features of an IS to see if they meet certain security requirements
Accreditation
Process where certification on competency, authority, or credibility is presented
NAO
Navy Authorizing Official- responsible for authorizing the systems operation based on achieving and maintaining an acceptable risk posture
System Security Plan
provides an overview of the security requirements of the system
ATO
Authority to Operate- official decision to authorize the operation of a system
IATO
Interim authority to operate- temporary authorization granted by NAO for an information system based on preliminary results of an evaluation
Configuring Management
management of security features and assurances through control of changes to the systems through their lifecycle
Risk Management
The process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in the mission by protecting the IT systems
5 attributes of Cyber Security
confidentiality
integrity
availability
non-repudiation
authentication
9 categories of computer incidents
root level incident
user level incident
denial of service incident
malicious logic incident
unsuccessful activity attempt event
non compliance activity event
reconnaissance event
investigating event
explained anomaly event
DoN World Wide Web security policy
everything posted online must be reviewed as to not violate OPSEC
IAVA
Information Assurance Vulnerability Alert- addressed severe network vulnerabilities resulting in immediate and sever threats
IAVB
Information Assurance Vulnerability Bulletin- addresses new vulnerabilities that do not pose an immediate risk
CTO
Computer Tasking Order- A formal tasking that contains detailed guidance and missions for each component to complete
NTD
Navy Telecommunications Directive- A widely disseminated naval message detailing directions about a certain IT function that needs to be complied with
Service Pack
A collection of updates to a software program delivered in the form of a single installable package
Patch
A fix for a vulnerability or operational enhancement
Vulnerability Assessment
An examination of the ability of a system to withstand assault
Vulnerability VS threat
Vulnerability- Weakness in a systems security scheme
Threat- Person, event, or circumstance with potential to cause harm to a system
ISSM
Information System Security Manager-
The principle advisor on all matters involving the security of an IS under purview
ISSO
Information System Security Manager-
Supports the ISSM to implement security requirements an mandated NISP and NAO
CSWF
Cyber Security Work Force
CSWF codes
Specialties a person is trained for found on TWMS
21-digital forensics
72-ISSO
53- incident response
44- network services
Navy Red and Blue Teams
Red Team- performs penetration testing of systems/networks to identify vulnerabilities
Blue- performs detection and hardening of systems/networks to preempt attack vectors
CCORI
Command Cyber Operational Readiness Inspection- Graded event by FLTCYBERCOM every 24 months to evaluate the overall security of a command to include physical technical and administrative
Why does the Navy only use “.MIL” email addresses
because the DoD has exclusive use of this domain
