Cybersecurity Flashcards
Confidentiality
Guards against a user without proper clearance accessing classified information.
Preserves authorized restrictions on information disclosure.
Protects personal privacy and proprietary information.
Confidentiality example
XX
Integrity
Guards against improper modification to or destruction of information.
Integrity Example
Prevents a user from improperly or maliciously modifying a database.
Availability
Ensures timely and reliable access to and use of information.
Availability Example
Ensures that an information system is accessible when an authorized user needs it.
Importance of Authentication
Mechanism that authorizes or allows access to computer systems and networks and the data that resides there.
Loss of or incorrect authentication services could allow unauthorized access to classified data.
Authentication Example
Common Access Card (CAC)
- provides system identification that authenticates the user
Non-Repudiation
Ensures that a party in an electronic exchange cannot deny…
- participation in the exchange
- authenticity of the message
Non-Repudiation Example
Digital signature
- confirms the identity of the sender of an email or the signer of a document
5 Attributes of Cybersecurity
Confidentiality
Integrity
Availability
Authentication
Non-Repudiation
2 Most Important Cybersecurity Attributes
Confidentiality
- Ensures the nation’s private information is contained.
Authentication
- One must prove who they are and why they need access before gaining access to the nation’s private information.
Importance of the 5 Attributes of Cybersecurity
Each attribute is susceptible to threats and vulnerabilities.
Overlooking one attribute could create a vulnerability that leaves data susceptible to attack.
Must be aware of attributes to ensure risk is managed appropriately across all areas.
Must maintain these areas to prevent loss.
Main Points of Security Policy
- Identify and protect national security information and controlled unclassified information (CUI) in accordance with national-level policy issuances
- Promote information sharing, facilitate judicious use of resources, and simplify management through implementation of uniform and standardized processes
- Employ, maintain, and enforce standards for safeguarding, storing, destroying, transmitting, and transporting classified information
- Actively promote and implement security education and training throughout the Department of Defense
- Mitigate the adverse effects of unauthorized access to classified information by investigating and acting upon reports of security violations and compromises of classified information
DODI 8500.01 - Risk Management
- DoD will implement a multi-tiered cybersecurity risk management process.
- DoD must consider all cybersecurity risks.
- All DoD IT will participate in a cybersecurity program to manage risk.
- Risk management will be addressed as early as possible.
- Documentation regarding the security posture of DoD IS and platform information technology (PIT) systems will be made available.
DODI 8500.01 - Operational Resilience
- Information and services are available to authorized users.
- Security posture is sensed, correlated, and made visible to mission owners, network operators, and to the DoD Information Enterprise.
- Whenever possible, technology components have the ability to reconfigure, optimize, self-defend, and recover with little or no human intervention.
DODI 8500.01 - Integration and Interoperability
- Cybersecurity must be fully integrated into system life cycles.
- Interoperability will be achieved through adherence to DoD architecture principles, adopting a standards-based approach, and by all DoD Components sharing the level of risk necessary to achieve mission success.
- All interconnections of DoD IT will be managed to minimize shared risk.
DODI 8500.01 - Cyberspace Defense
- Employed to protect, detect, characterize, counter, and mitigate unauthorized activity and vulnerabilities.
- Shared with all appropriately cleared and authorized personnel.
DODI 8500.01 - Performance
- Implementation of cybersecurity will be overseen and governed through the integrated decision structures and processes.
- Performance will be measured, assessed for effectiveness, and managed.
- Data will be collected to support reporting and cybersecurity management activities.
- Standardized information technology tools, methods, and processes will be used to the greatest extent possible.
DODI 8500.01 - DoD Information
- All DoD information in electronic format will be given an appropriate level of confidentiality, integrity, and availability.
DODI 8500.01 - Identity Assurance
- Identity assurance must be used to ensure strong identification, authentication, and eliminate anonymity.
- DoD will public key-enable DoD information systems (ISs) and implement a DoD-wide Public key Infrastructure (PKI) solution that will be managed by the DoD PKI Program Management Office.
- Biometrics will be managed.
DODI 8500.01 - Information Technology
- All information technology that receives, processes, stores, displays, or transmits DoD information will be acquired, configured, operated, maintained, and disposed of.
- Risks, weaknesses or flaws, and vulnerabilities introduced through faulty design, configuration, or use will be managed, mitigated, and monitored.
- Cybersecurity requirements must be identified and included.
DODI 8500.01 - Cybersecurity Workforce
- Cybersecurity workforce functions must be identified and managed.
- Qualified cybersecurity personnel must be identified and integrated into all phases of the system development lifecycle.
DODI 8500.01 - Mission Partners
- Capabilities that are shared with mission partners will be consistent.
- DoD originated and DoD provided information must be properly and adequately safeguarded, with documented agreements indicating required levels of protection.
Cybersecurity Concepts
- Information Assurance Attributes
- System Categorization
- Assessment and Authorization Process
- Data Spills
- Disposal of Computer Media
- Non-Traditional Work Environments
- Processing Requirements for Specific Types of Information
- New Technology and Equipment
- Social Networking Services
- Compilation and Data Aggregation
- Marking Requirements for Electronic Information
- Position Sensitivity Designation/Personnel Security Investigative Standards
- Cybersecurity Policy
Importance of Cybersecurity Concepts
- In order to put the policies into action, you must be able to identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.
- Need to be able to explain your role in protecting DoD’s information systems and the information they process, transmit, and store.
What are the cybersecurity attributes?
Answer = All
Confidentiality (correct response)
Integrity (correct response)
Availability (correct response)
Authentication (correct response)
Non-repudiation (correct response)
Why do you need to be aware of cybersecurity?
To uphold all elements of the National Industrial Security Program Operating Manual
Answer = To appropriately manage risk by mitigating threats and vulnerabilities
To examine your own actions and activities to uphold personal accountability
To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it
What are the cybersecurity drivers?
Answer = All
NIST 800-30 Rev 1, Guide for Conducting Risk Assessments
DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations
DoD 8510.01, Risk Management Framework
DoD 8500.01, Cybersecurity
DoD Security Policy
Which skills do security personnel need?
Protect information systems. Answer 1 = Identify all cybersecurity concepts. Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information. Answer 2 = Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.
Responsibilities of Security Personnel in Cybersecurity
- Protect classified information and controlled unclassified information.
- Have proactive and continuous engagement and collaboration between security, information technology (IT), and cybersecurity personnel, at all organizational levels.
- Manage threats, minimize vulnerabilities, use appropriate countermeasures, and respond to incidents swiftly and appropriately.
DoD CIO Responsibilities
- Monitors, evaluates, and provides advice to the Secretary of Defense regarding all DoD cybersecurity activities and oversees implementation of this cybersecurity.
- Develops and establishes DoD cybersecurity policy and guidance consistent with this instruction and in accordance with applicable federal law and regulations.
USCYBERCOM Responsibilities
- Has overall responsibility for directing the operation of and assuring the security of the global DoD network environment.
- Leads the day-to-day defense and protection of the DoD networks and coordinates all DoD network operations.
- Provides full spectrum support to military and counterterrorism mission.
Component Level Staff
At the component and activity level, you need to be aware of other cybersecurity staff as well, such as the:
- Authorizing Official (AO)
- Personnel Security Specialist
- Physical Security Specialist
- Information Security Specialist
- Industrial Security Specialist
- Security Specialist
- Security Officer
- Risk Executive Function
What skills do security personnel need to achieve their responsibilities?
- Analyze and manage risk
- Counsel stakeholders on security-related concerns, issues, and challenges.
- Support risk assessment and management.
- Execute security awareness training and education requirements and respond to security incidents.
- Accountable for cyber command readiness, in information security, personnel security, physical security, counterintelligence, and vulnerabilities assessment and management.
What is the primary responsibility of security personnel
Monitor, evaluate, and provide advice to the Secretary of Defense
Answer = Protect classified information and controlled unclassified information
Direct the operation of and assure the security of the global DoD network
Coordinate all DoD network operations
What is security personnel’s primary skill in relationship to cybersecurity
Analyze duties
Answer = Manage risk
Execute training
Respond to incident
Risk Management System Components
Risk Assessment
Mitigation
Evaluation
Risk Management System
- Provides overarching methodology to follow when managing risks.
- Consists of assessment, mitigation, and evaluation (in that order).
- Be aware of risk impacts
- Reassess constantly as new solutions are deployed.
Risk Assessment
- Determines the extent of the threat and risk associated with the information system.
- Used to identify security controls to decrease the risk.
- Security personnel identify and evaluate risks, risk impacts, and countermeasures.
- Revisit risk assessment as you move through the other phases of risk management.
Mitigation
- Prioritize, implement, and maintain risk-reducing measures.
- Implement the most appropriate controls.
- Accept the risk by simply continuing to operate the information system.
- Avoid the risk by eliminating the risk cause and/or the consequence.
- Limit the risk by implementing controls to minimize the adverse impact of a threat exploiting a vulnerability.
Evaluation
Risk evaluation is essential to the risk management process. It is the continual process of assessing and mitigating risk. The purpose of evaluation is to ensure that, as changes occur, you are reviewing the system and confirming that new risks have not arisen.
What are the six RMF steps?
- Step 1 is Categorize System
- Step 2 is Select Security Controls
- Step 3 is Implement Security Controls
- Step 4 is Assess Security Controls
- Step 5 is Authorize System
- Step 6 is Monitor Security Controls
What is RMF?
- Integrated enterprise-wide decision structure for cybersecurity risk management.
- Includes and integrates DoD mission areas.
- Facilitates reciprocity among federal agencies.
- Used to assess and authorize information systems.
- Can help prevent issues and manage all information systems.
What are the components of the Risk Management System?
Revision Analysis
Answer 1 = Evaluation
Answer 2 = Assessment
Answer 3 = Mitigation
What are the steps in the Risk Management Framework (RMF)?
Answer = All
Monitor Security Controls
Categorize System
Authorize System
Assess Security Controls
Select Security Controls
Implement Security Controls
Security Personnel Responsibilities:
Step 1: Categorize System
This step corresponds to assessment in the risk management system.
- Know how to assess threats to your information technology (IT) infrastructure
- Threats are a potential activity that may contribute to the risks associated with operating an information system, or IS – controlled or uncontrolled, intentional or unintentional.
- Know how to spot vulnerabilities to your IT program.
The overall threat environment can be addressed in four areas:
Adversarial
Accidental
Structural
Environmental
Adversarial Threats
Threat from an individual, group, organization, or nation-state seeking to exploit the organization’s dependence on cyber resources.
Accidental Threats
Unintentional threats made by a single user or privileged user or administrator when performing their everyday responsibilities.
Structural Threats
Failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances.
Environmental Threats
Natural or man-made disasters, unusual natural events, or an infrastructure failure or outage.
Cyber Attack
Attempts by hackers to damage or destroy a computer network or system.
Insider Threat
Malicious threats to an organization that come from people within the organization who have legitimate access to information concerning the organization’s security practices, data and computer systems.
Social Media
Includes websites and applications that enable users to create and share content or to participate in social networking.
Mobile Computing
Technology that allows transmission of data, voice, and video via a computer or any other wireless enabled device without having to be connected to a physical link.
Evolving Threats
Constantly changing threats and new technologies that leave the DoD vulnerable to attack.
*Challenge = keeping up with new threats as new environments are created.
Common Cybersecurity Threat Methods
- Sniffing and Eavesdropping
- Malicious Code and Malware
- Denial of Service
- Spoofing
- Password Cracking
- Social Engineering
Sniffing and Eavesdropping
Allows adversaries to tap into network traffic and capture packets.
Malicious Code and Malware
Uses software to attack/damage computer systems and networks.
Examples: viruses, worms, and Trojans
Denial of Service
Saturates resources on systems or networks so that the network or computers cannot provide required services to users.
Examples: teardrop attack, Smurf attack, and Distributed DOS (DDOS)
Spoofing
Uses false information to gain unauthorized access to resources.
Examples: Forged IP addresses, Man-in-the-Middle attacks, and session hijacking attacks
Password Cracking
Allows adversaries to derive passwords.
Examples: dictionary attacks, brute force and easy-to-guess passwords
Social Engineering
Manipulates people into divulging confidential information.
Examples: pretexting/scenarios, phishing and dumpster diving.
*Information found from dumpster diving can provide an attacker with what they need to break into a system.
Threat Info
“There are many ways that cyber attackers can gain access.
Adversaries use probing and scanning to ascertain information about services, vulnerabilities, and hosts on a network. Please note that not all threats are issues. You must evaluate the threats and then make appropriate decisions”
Vulnerabilities
Threats take advantage of weaknesses, or vulnerabilities, to gain unauthorized access to our information or systems. Vulnerabilities include physical security, IS software and hardware, and people. As security personnel, you need to assess the ease, rewards, likelihood, related threats, and residual risk of vulnerabilities. Your goal as security personnel is to be aware of vulnerabilities so that you can coordinate the appropriate countermeasures to prevent exposure.
Vulnerability Tier 1
Vulnerability at the organization level.
Vulnerability Tier 2
Vulnerability at the mission/business process level.
Vulnerability Tier 3
Vulnerability at the information system level, which is where network vulnerabilities are categorized.
What threat environments should you consider
Answer = All
Adversarial
Environmental
Structural
Accidental
What should you look for when assessing vulnerabilities?
Answer = All
Residual risk
Ease
Likelihood
Related threats
Reward
Which RMF steps assess risk?
Step 1 - Categorization
Which RMF steps mitigate risk?
Step 2 - Select Security Controls
Step 3 - Implement Security Controls
4 Activities of Selecting Security Controls
RMF Step 2
- Common Control Identification
- Security Baseline and Overlay Selection
- Development of a Monitoring Strategy
- Review and Approval of Security Plan and Continuous Monitoring Strategy
Common Control Identification
- Chief Information Officer (CIO) provides resources and guidance for selecting security controls.
- Actual selection of controls performed by the Information Security Officer (ISO) and the Common Control Provider (CCP).
- CIO approves the selections made by ISO and CCP.
Security Baseline and Overlay Selection
- Identifies the baseline for the system based on impact levels.
- Documented in the security plan.
- Identifies overlays that apply to the information system (IS) or platform information technology (PIT) system.
Monitoring Strategy
- Defines how the continuing effectiveness of security controls will be evaluated.
- Includes a plan for annually assessing the implemented security controls.
Security Plan Review and Approval
- DoD Components develop and implement the processes.
- The Authorizing Official (AO) reviews the processes and decides whether to authorize the security plan and continuous monitoring.
3 Areas Within Cybersecurity
Physical
Personnel
Procedural
Physical Security
Limits physical access to the information systems.
Physical Security Examples
- Keeping information systems that process sensitive compartmented information (SCI) in a SCIF
- Locking the server room doors
- Securing workstations
- Protecting portable devices such as laptops, tablets, and phones
- Disabling drives
- Protecting printers and waste
Personnel Security
- Limits access to the information system (IS) to cleared personnel with a need-to-know.
- Ensures IS users are aware of the policies associated with IS and their responsibilities to protect the information it contains.
Personnel Security Examples
- Implementing unique identification
- Correlating actions to users
- Maintaining user IDs
- Deactivating user IDs that are no longer eligible for access or no longer need-to-know
- Implementing authentication requirements
Procedural Security
Organization-wide countermeasures for information systems (IS) put into place.
Procedural Security Examples
- Intrusion Detection Systems (IDS) and firewalls
- Encryption
- Not permitting thumb drives
Implement Risk Controls
- Implement controls consistent with DoD Component Cybersecurity architectures and documented in the security plan.
- Products must be configured in accordance with the applicable Security Technical Implementation Guides (STIGs) or Security Requirements Guides (SRGs).
- Identify any controls available for inheritance.
- Implement controls consistently with DoD architectures and standards, and employ system and software engineering methodologies, security principles, and secure coding techniques.
- Proposed security design must be addressed in preliminary and critical design reviews.
- Security plan is updated to describe and document the security control implementation.
- Existing security controls are reviewed. If they do not pose a risk, then they are inherited into the new practice.
Which steps of the RMF are designed to mitigate risk?
Assess Security Controls
Monitor Security Controls
Answer 1 = Select Security Controls
Authorize System
Answer 2 = Implement Security Controls
Categorize System
Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls
Answer = All
Common Control Identification
Monitoring Strategy
Security Baseline and Overlay Selection
Security Plan and Review Approval
What activities occur during implementation of security controls?
Communicate updates to appropriate audiences
Seek approvals from CIO
Create appropriate training and communication plans
Answer 1 = Ensure consistency with DoD architectures
Answer 2 = Document security control implementation in the security plan
Answer 3 = Identify security controls available for inheritance
Which RMF steps evaluate risk?
Step 4 - Assess Security Controls
Step 5 - Authorize System
Step 6 - Monitor Security Controls
4 Activities of Assessing Security Controls
- Compare the security controls to the security assessment plan and the DoD assessment procedures.
- Record the security control compliance status.
- Assign the vulnerability severity value for security controls.
- Determine the risk level for security controls.
- Assess and characterize the aggregate level of risk to the system.
Security Assessment Plan
Security Assessment Plans are developed, reviewed, and approved by…
- Ensuring security assessment activities are coordinated.
- Reviewing interoperability and supportability certification efforts, Developmental Test and Evaluation (DT&E) events, and Operational Test and Evaluation (OT&E) events.
- Documenting the coordination of activities in the Security Assessment Plan.
- Focus of the Security Assessment Plan is to maximize effectiveness, reuse, and efficiency.
Assess Security Controls
- Compare the security controls to the security assessment plan and the DoD assessment procedures.
- Record the security control compliance status.
- Assign the vulnerability severity value for security controls.
- Determine the risk level for security controls.
- Assess and characterize the aggregate level of risk to the system.
How do you determine the risk level for security controls?
You do this by using the Security Controls Assessor’s (SCA’s) determination that a credible or validated threat source and event exists. Consider the vulnerability severity level and predisposing conditions, as well as the cybersecurity attributes and all impact levels related to the control. SCAs consider the impact of a successful threat event.
Security Assessment Report (SAR)
- Documents issues, findings, and recommendations from the security control assessment.
- The Security Controls Assessor (SCA) prepares the SAR.
- The SAR is required for an authorization decision.
Remediation Actions
When you conduct remediation actions on non-compliant (NC) security controls, you base your findings and recommendations on the SAR. You will also reassess remediated controls.
Step 5 - Authorize System
Security authorization package is submitted and consists of the…
- Plan of Action and Milestones (POA&M)
- Security plan
- Security Assessment Report (SAR)
The Authorizing Official (AO) issues an authorizing decision.
*The AO may have feedback that requires revision of the security authorization package, which must then be resubmitted to the AO for review and final acceptance.
Step 6 - Monitor Security Controls
- Impact of changes to the system and environment are determined
- Selected security controls are assessed according to the continuous monitoring strategy
- Remediation actions are taken
- Security plan, Security Assessment Report, and POA&M are updated as necessary
- Security status is reported to the Authorizing Official (AO), who reviews the status reports
- System decommissioning strategy is implemented when needed.
Determining Impact of Changes
The information system owner…
- Continuously monitors the system or information environment.
- Periodically assesses the quality of security controls.
- Reports any significant change in the security posture of the system.
Assess Selected Controls
- A selected subset of controls must be assessed in accordance with the continuous monitoring strategy.
- The assessor must create a written and signed Security Assessment Report (SAR) that indicates the results of the assessment.
- The Authorizing Official must review the SAR.
Determining Remediation
Remediation actions are based on ongoing…
- Monitoring activities
- Assessment of risk
- Outstanding items in the POA&M.
Updating Documentation
- The security plan, SAR, and POA&M must be kept up-to-date.
- Updates result from changes due to system-level continuous monitoring.
- The Program Manager (PM) and/or Security Manager (SM) perform all primary activities.
Security Status Reports
- Security status is reported to the Authorizing Official (AO).
- Must include the effectiveness of security controls employed within and inherited by the system.
AO
During continuous monitoring, the AO reviews the reported status. The AO review includes the effectiveness of security controls employed within and inherited by the system.
Decommissioning Strategy
If a system is no longer necessary, the decommissioning strategy is implemented.
The information system (IS) owner executes the actions outlined in the decommissioning strategy in the security plan.
When a system is removed from operation…
- Assess the impact on control inheritance relationships
- Update security plan to reflect decommissioned status
- Dispose of artifacts and supporting documentation according to sensitivity or classification
- Review data or objects that support DoD information enterprise
Which steps of the RMF are designed to evaluate risk
Answer 1 = Select Security Controls
Answer 2 = Assess Security Controls
Answer 3 = Monitor Security Controls
Answer 4 = Authorize System
Categorize System
Implement Security Controls
What activities occur when assessing security controls?
Prepare the Plan of Action and Milestones (POA&M)
Conduct final risk determination
Answer 1 = Develop, plan, and approve Security Assessment Plan
Answer 2 = Prepare Security Assessment Report (SAR)
What activities occur when authorizing the system?
Implement decommissioning strategy
Develop, review, and approve Security Assessment Plan
Answer 1 = Prepare the Plan of Actions and Milestones (POA&M)
Answer 2 = Submit security authorization package
What activities occur when monitoring security controls?
Prepare the Plan of Actions and Milestones (POA&M)
Develop, review, and approve Security Assessment Plan
Answer 1 = Implement decommissioning strategy
Answer 2 = Determine impact of change
What must security personnel be able to do regarding cybersecurity?
- Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information AND examine their role in protecting DoD’s information systems and the information they process, transmit, and store. Each of the cybersecurity attributes is susceptible to threats and vulnerabilities. Security personnel need to be aware of the attributes to ensure they are appropriately managing the risk across all areas.