Define IAProtecting & Defending Data | Ensuring: 1. Availability, 2. Integrity, 3. Authentication, 4. Confidentiality, 5. Non-Repudiation | Incorporating: 1. Protection, 2. Detection, 3. Reaction Capabilities |
DoN WWW Security PolicyThreats to the security of Navy and Marine Corps operations | Threats to the safety of DoN personnel and their families | Attacks in the form of: 1. Computer Systems, 2. Terrorist Attacks, 3. Identity Theft | Balancing public information with OPSEC, Privacy Information, INFOSEC, and Personal Safety |
9 Categories of Computer Incidents1. Root Level Intrusion (incident) | 2. User Level Intrusion (incident) | 3. Unsuccessful Activity Attempt (event) | 4. Denial of Service (incident) | 5. Non-Compliance Activity (event) | 6. Reconnaisssance (event) | 7. Malicious Logic (event) | 8. Investigating (event) | 9. Explained Anomaly (event) |
NTDNavy Telecommunications Directive |
Configuration Management1. Identifies, 2. Controls, 3. Accounts For, 4. Audits | In reference to a site or Information System (I.S.) | Occurs during: 1. Design, 2. Development, 3. Operational Lifecycle |
DAODesignated Approving Authority |
CCRICommand Cyber Readiness Inspection | Formal inspection process which holds commanders accountable for their IA |
| | Designated Approving AuthorityUpper Level Manager | Responsible for determining Accepted Level of Risks | Determines if system meets Accreditation criteria |
Cross-domain Xfer Security ProceduresGoal: Limit Risks when transferring Data | Risks: 1. Careless Methods, 2. Shortcuts, 3. Untrained Users | These risks compromise sensitive & classified information |
Service PatchSoftware Package containing several updates or an App or OS |
IAVAAnnouncement of a computer application software or operating system vulnerability notification | In the form of an alert |
Root Level IntrusionUnauthorized "Privileged" access to a DoD system |
User Level IntrusionUnauthorized "Non-privileged" access to a DoD system | Example: If the system is compromised w/ malcious code that provides remote interactive control |
ReconnaissanceSeeks to gather information from DoD systems, applications, networks, and users | Information can be used to formulate an attack | Does not directly result in compromise |
Explained AnomalySuspicious events that after further investigation are deemed "non-malicious" | Deteremined to be non-malicious and don't fit any other category |
| | ThreatA possible intrusion by a third party |
VulnerabilityA known possible exploitation |
IAVBAnnouncement of a computer application software or operating system vulnerability notification | In the form of a bulletin |
BulletinInformation Assurance Vulnerability Bulletin (IAVB) |
AlertInformation Assurance Vulnerability Alert (IAVA) |
CertificationEvaluation of Technical & Non-Technical Security features of an I.S. | Incorporating: 1. Protection, 2. Detection, 3. Reaction Capabilities |
Malicious LogicInstallation of software designed and/or deployed by adversaries for malicious intentions | For the purpose of gaining access to resources or information w/o consent or knowledge of the user |
Unsuccessful Activity AttemptDeliberate attempts to gain unauthorized access to a DoD system | Attempts are defeated by normal defensive mechanisms |
AuthenticationAssurance of the identity of a message sender or receiver |
IntegrityPreventing information from modification by unauthorized parties or in unauthorized manners |
5 Attributes of IAConfidentiality | Integrity | Availability | Non-repudiation | Authentication |
| | InvestigatingEvents that are potentially malicious or anomalous activity deemed suspicious and warrant, or are undergoing further review | Will be re-categorized to appropriate Category 1-7 or 9 prior to closure |
Non-Compliance ActivityActivity that potentially exposes DoD systems to increased risks | Due to the the Action or Inaction of authorized users |
Denial of ServiceActivity that "Denies, Degrades, or Disrupts" normal functionality of system or network |
Non-RepudiationThe sender of data is provided w/ Proof of Delivery | The recipient is provided w/ proof of the sender's identity | Neither can later deny having processed the data |
Computer Tasking Order (CTO)When a computer completes all tasks assigned |
AvailabilityTimely, Reliable access to data and Info Systems by authorized users |
Information Assurance Manager (IAM)1. Establishing, Implementing and Maintaining the DoD IA program | 2. Documenting the IA program through the DoD IA & C&A process |
ConfidentialityProtecting information from Unauthorized Persons, Processes, or Devices |
AccreditationOfficial Management Decision | Decision to operate an I.S. in a specified Environment |
|
Created By
Metadata
Comments
No comments yet. Add yours below!
Add a Comment
Related Cheat Sheets
More Cheat Sheets by weatherman22