107 Cyber Security Flashcards

1
Q

Define Information Assurance (IA)

A

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

2
Q

Define Defensive Cyberspace Operations (DCO)

A

Missions executed to defend the DODIN, or other cyberspace that DOD cyberspace forces have been ordered to defend, from active threats in cyberspace.

3
Q

Define Offensive Cyberspace Operations (OCO)

A

Missions intended to project power in and through foreign cyberspace through actions taken in support of CCDR or national objectives.

4
Q

107.2 Define Certification

A

comprehensive evaluation of the technical and non-technical security safeguards of an information system that establishes the extent to which a particular design and implementation meets a set of specific security requirements.

5
Q

107.2 Define Accreditation

A

a process in which certification of competency, authority, or credibility is presented.

6
Q

107.2 Define DAA

A

The Designated Approving Authority (DAA) is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk.

7
Q

107.2 Define System Security Plan

A

The purpose of the system security plan (SSP) is to provide an overview of the security requirements of the system and describe the controls in place or planned, as well as the responsibilities and expected behavior of all individuals who access the system.

8
Q

107.2 Define ATO

A

Authorization to Operate: the official management decision issued by a DAA to authorize operation of an information system and to explicitly accept the residual risk to agency operations.

9
Q

107.2 Define IATO

A

An Interim Authorization to Operate (IATO) is the temporary authorization granted by a DAA for an information system to process information based on preliminary results of a security evaluation of the system.

10
Q

107.2 Define Configuration Management

A

Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system.

11
Q

107.3 Discuss security procedures involved when performing cross-domain transfers.

A

In addition to command-specified required training, transferring files from a lower classification to a higher classification requires malware scanning of the source files, but is not limited to the type of file being transferred. From a higher classification down, however, the files MUST be converted to a .txt document and run through a buster tool designed to look for key words, enabling the user to transfer information safely without leaking potentially classified documents. Also, the user and a subject matter expert need to go through any document being transferred down to ensure that no potentially dangerous material is spilled onto an unclassified host.

12
Q

107.4 Discuss Risk Management

A

Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations.

13
Q

107.5 Define the five attributes of IA

A

a. Confidentiality: assurance that information is not disclosed to unauthorized individuals, processes, or devices.
b. Integrity: assurance that information is not modified by unauthorized parties or in an unauthorized manner.
c. Availability: assurance of timely, reliable access to data and Information Systems by authorized users. Availability-focused IA controls protect against degraded capabilities and denial of service conditions.
d. Non-repudiation: assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.
e. Authentication: assurance that an e-mail message sender or receiver is who they claim to be.

14
Q

9 categories of computer incidents: CAT1

A

Root-Level Intrusions – Unauthorized privileged access (administrative or root access) to a DOD system

15
Q

9 categories of computer incidents: CAT2

A

User-Level Intrusions – Unauthorized non-privileged access (user-level permissions) to a DOD system. Automated tools, targeted exploits, or self-propagating malicious logic may also attain these privileges.

16
Q

9 categories of computer incidents: CAT3

A

Unsuccessful Activity Attempt – Attempt to gain unauthorized access to the system, which is defeated by normal defensive mechanisms. Attempt fails to gain access to the system (i.e., attacker attempts valid or potentially valid username and password combinations) and the activity cannot be characterized as exploratory scanning. Can include reporting of quarantined malicious code.

17
Q

9 categories of computer incidents: CAT4

A

Denial of Service – Activity that impairs, impedes, or halts normal functionality of a system or network

18
Q

9 categories of computer incidents: CAT5

A

Non-Compliance Activity – Occurs when a system is not compliant with appropriate Navy or DOD regulations (i.e. block list not applied, command not up-to-date, etc.).

19
Q

9 categories of computer incidents: CAT6

A

An activity (scan/probe) that seeks to identify a computer, an open port, an open service, or any combination for later exploits. This activity does not directly result in a compromise.

20
Q

9 categories of computer incidents: CAT7

A

Malicious Code – Installation of malicious software (i.e. trojan, backdoor, virus, or worm).

21
Q

9 categories of computer incidents: CAT8

A

Investigating – Events that are potentially malicious, or anomalous activity deemed suspicious, that warrant, or are undergoing, further review. No event will be closed out as a Category 8. Category 8 will be re-categorized to appropriate Category 1-7 or 9 prior to closure.

22
Q

9 categories of computer incidents: CAT9

A

Events that are initially suspected as being malicious but after investigation are determined not to fit the criteria for any of the other categories (e.g., system malfunction or false positive).
Category 0 (zero) events are for training purposes only.

23
Q

107.7 Describe the DON World Wide Web Security Policy.

A

Provides primary governing policy for all unclassified DOD WWW sites to prevent the release of classified information.

24
Q

Define: Information Assurance Vulnerability Alerts (IAVA)

A

address severe network vulnerabilities resulting in immediate and potentially severe threats to DON systems and information.

25
Q

Define: Information Assurance Vulnerability Bulletins (IAVB)

A

address new vulnerabilities that do not pose an immediate risk to DON systems but are significant enough that noncompliance with the corrective action could increase the risk.

26
Q

Define: Computer Tasking Order (CTO)

A

a formal tasking order that contains detailed guidance and missions for each component to accomplish.

27
Q

Define: NTD (Navy Telecommunications Directive)

A

a formal tasking order that contains guidance for official Navy communication circuits.

28
Q

Define: NIA/NIB/OIA/OIB

A

NMCI Information Advisory, NMCI Information Bulletin, Overseas Navy Enterprise Network Advisory, Overseas Navy Enterprise Network Bulletin

29
Q

Define: Patch

A

Updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.

30
Q

107.9 Define vulnerability assessment

A

Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.

31
Q

107.10 Explain the difference between vulnerability and threat

A

1. Vulnerability: Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.
2. Threat: Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.

32
Q

107.11 State the duties and responsibilities of the ISSM and ISSO.

A

The Information Systems Security Manager/Officer is the individual responsible to the Commanding Officer for the proper execution of an effective IA program for their system or site. The ISSM is designated in writing by the CO and is overall in charge of and responsible for the network, its security, as well as any training requirements to ensure the safety of the network, its systems, and its users.

33
Q

107.12 Explain CSWF Specialty Codes and responsibilities

A

Personnel must meet and maintain the minimum qualification standards of their assigned Specialty Area/Work Role and proficiency level.

34
Q

107.13 Discuss the role and responsibilities of Navy Blue Team

A

Blue Team Operations: uses a team specifically constructed for the Inter-Deployment Training Cycle, charged with assisting in the protection of the targeted assets and conducting training for local personnel.

35
Q

107.13 Discuss the role and responsibilities of Navy Red Team

A

Red Team Operation: an independent and threat-based effort by an interdisciplinary, simulated opposing force, which, after proper safeguards are established, uses both active and passive capabilities on a formal, time-bounded tasking to expose and exploit IA vulnerabilities of friendly forces.

36
Q

107.14 Define CCRI and NAVIFOR role during the process (NOW CORA) (Command Operational Readiness Assessment)

A

Command Cyber Readiness Inspection (CCRI) – quick-look methodology for compliance validations for COCOMs. NAVIFOR is the Office of the Designated Approving Authority and is the overall authority for operating a network.

37
Q

107.15 Explain what constitutes PII

A

PII is any information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

38
Q

Explain the importance of Safeguarding

A

Safeguarding is protective measures to prevent compromise or unauthorized disclosure of personally identifiable information (PII). The loss of PII can result in substantial harm to individuals, including identity theft or other fraudulent use of the information.

39
Q

107.16 Explain why the U.S. Navy only uses “.mil” email addresses on government systems.

A

The official government email system restricts access to official users, providing CIANA requirements as well as meeting IA and accreditation requirements.