107 Cyber Security
107.6 List and define 9 categories of computer incidents. Explained Anomaly (event)
Suspected as malicious but determined not to fit the criteria
107.9 Define vulnerability assessment.
Systematic examination of an information system or product to determine the adequacy of security measures, and to identify security deficiencies
107.2 Define the following: Certification
The comprehensive evaluation of the technical and non-technical security features of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meet a set of specified security requirements
107.2 Define the following: Approval To Operate
The formal declaration by the DAA that an information system is authorized to operate
107.2 Define the following: Accreditation
The formal declaration that an information system is approved to operate at an acceptable level of risk based on an approved set of safeguards
107.2 Define the following: Configuration Management
The management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test features, and test documentation throughout the life of an information system
107.2 Define the following: Designated Approval Authority
The official with the authority to formally assume responsibility for operating a system at an acceptable level of risk
107.6 List and define 9 categories of computer incidents. Root level intrusion (Incident)
Unauthorized administrative access to a DOD system
107.1 Define DCO
Defensive cyber operations are executed to defend the DoDIN from active threats in cyberspace
107.8 Define the following: IAVB, Information Assurance Vulnerability Bulletin
Addresses new vulnerabilities that don't pose immediate risk to DOD systems
107.14 Define CCRI & NAVIFOR's role during the process
A command cyber readiness inspection provides an overall inspection of network security and compliance with DOD information assurance and computer network defense policies. NAVIFOR is responsible for information warfare doctrine, policy and governance across the fleet
107.2 Define the following: System Security Authorization Agreement
A formal document that fully describes the security requirements and controls in place for a system
107.8 Define the following: NTD Naval Telecommunications Directive
A naval message giving an order about a certain IT function that needs compliance
107.2 Define the following: Interim Approval to Operate IATO
A temporary authorization for an information system to process information
107.6 List and define 9 categories of computer incidents. Denial of service (Incident)
Activity that impairs or halts normal functionality of a system
107.6 List and define 9 categories of computer incidents. Non-compliance activity (Event)
Activity that makes DOD systems potentially vulnerable
107.6 List and define 9 categories of computer incidents. Reconnaissance (event)
Activity that seeks to identify a computer, open port, or service to later exploit
107.7 Describe the DoN World Wide Web Security Policy.
All sites must have a purpose approved by the commander and supporting the command's core competency mission. Only unclassified material that is approved for public release may appear on a website. All websites under the aegis of Navy/Marine Corps commands are considered official sites.
107.6 List and define 9 categories of computer incidents. User level intrusion (Incident)
Unauthorized user level access to a DOD system
107.13 Discuss the role and responsibilities of Navy Red and Blue teams
Blue team: conducts operational network vulnerability evaluations and provides mitigation techniques. Red team: emulates a potential adversary's attack or exploitation to assess security and readiness
107.5 Define the five attributes of Cyber Security
• Confidentiality: assurance that information is not disclosed to unauthorized users, processes, or devices
• Integrity: protection against unauthorized modification or destruction of information
• Availability: timely, reliable access to data and information services for authorized users
• Non-repudiation: the sender has proof of delivery and the recipient has proof of the sender's identity
• Authentication: establishes the validity of a transmission, message, or originator
107.12 Explain CSWF specialty codes and responsibilities
Cyberspace workforce specialty codes refer to the designator for a given specialty cyber position attained through OTJ, JQR, or PQS. Some example specialty areas are investigation, architecture, risk management, cyber defense analysis, etc.
107.8 Define the following: CTO, Communications Tasking Order
DOD instruction that promulgates mandatory changes in standing instructions on how communications are handled
107.6 List and define 9 categories of computer incidents. Unsuccessful activity attempted (Event)
Failed attempt to gain unauthorized access
107.11 State the duties and responsibilities of the ISSM and ISSO
ISSM, Information System Security Manager: has the overall responsibility for managing the information assurance program of the organization, field site, or contractor facility to which they are assigned. ISSO, Information System Security Manager: ensures that the appropriate operational security posture is maintained for an information system in accordance with internal security policies and practices
107.1 Define IA.
Information Assurance refers to Information operations that protect and defend data and Information Systems (IS) by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation
107.6 List and define 9 categories of computer incidents. Malicious logic (Incident)
Installation of malicious software
107.16 Explain why the Navy only uses ".mil" email addresses on government systems
It is a top level domain exclusive to the DOD
107.4 Discuss risk management.
Maintain operation while protecting the system and data. A process that provides risk identification, analysis, mitigation planning and implementation, continuous monitoring, and documentation to ensure early identification and handling of risks
107.8 Define the following: IAVA, Information Assurance Vulnerability Alert
Notification that is generated when an information assurance vulnerability may result in an immediate/potentially severe threat to DOD systems
107.1 Define OCO
Offensive cyber operations are intended to project power by the application of force in and through cyberspace
107.8 Define the following: Patch
Operating system and application software code revisions also known as hot fixes/service packs
107.15 Explain what constitutes PII and the importance of safeguarding
Personally identifiable information is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual
107.6 List and define 9 categories of computer incidents. Investigating (Event)
Potential malicious activity deemed suspicious and warrants review
107.10 Explain the difference between vulnerability and threat.
Vulnerability: an actual weakness in an information system or security procedure that could be exploited. Threat: any circumstance with the potential to adversely impact operations or organizations through an information system
107.3 Discuss security procedures involved when performing cross-domain transfers.
• The DAA Rep/SCO and ISSPM/ISSM must approve the procedures and individuals involved.
• The media to be used in the process must be new or an approved transfer disk that has been virus checked.
• Transfer information onto the media.
• Perform scanning of the media for viruses.
• When possible, ensure the transfer media is adequately write-protected if it is to remain classified at the lower level.
• If the write-protect mechanism on the media is securely maintained, the media may remain at its lower classification level.
• If the write-protect mechanism is not correctly maintained, the media must be marked and handled at the highest classification level with the most restrictive handling caveats of the information processed by the IS.
• Before transferring information to the higher classified system, perform scanning of the media for viruses.
• Transfer the data from the media to the higher classified IS.
• Following transfer, examine the write-protect device to validate that it is still securely intact.