Show Menu


Define IA

Protecting & Defending Data
Ensuring: 1. Availa­bility, 2. Integrity, 3. Authen­tic­ation, 4. Confid­ent­iality, 5. Non-Re­pud­iation
Incorp­ora­ting: 1. Protec­tion, 2. Detection, 3. Reaction Capabi­lities

DoN WWW Security Policy

Threats to the security of Navy and Marine Corps operations
Threats to the safety of DoN personnel and their families
Attacks in the form of: 1. Computer Systems, 2. Terrorist Attacks, 3. Identity Theft
Balancing public inform­ation with OPSEC, Privacy Inform­ation, INFOSEC, and Personal Safety

9 Categories of Computer Incidents

1. Root Level Intrusion (incident)
2. User Level Intrusion (incident)
3. Unsucc­essful Activity Attempt (event)
4. Denial of Service (incident)
5. Non-Co­mpl­iance Activity (event)
6. Reconn­ais­ssance (event)
7. Malicious Logic (event)
8. Invest­igating (event)
9. Explained Anomaly (event)


Navy Teleco­mmu­nic­ations Directive

Config­uration Management

1. Identi­fies, 2. Controls, 3. Accounts For, 4. Audits
In reference to a site or Inform­ation System (I.S.)
Occurs during: 1. Design, 2. Develo­pment, 3. Operat­ional Lifecycle


Designated Approving Authority


Command Cyber Readiness Inspection
Formal inspection process which holds commanders accoun­table for their IA

Designated Approving Authority

Upper Level Manager
Respon­sible for determ­ining Accepted Level of Risks
Determines if system meets Accred­itation criteria

Cross-­domain Xfer Security Procedures

Goal: Limit Risks when transf­erring Data
Risks: 1. Careless Methods, 2. Shortcuts, 3. Untrained Users
These risks compromise sensitive & classified inform­ation

Service Patch

Software Package containing several updates or an App or OS


Announ­cement of a computer applic­ation software or operating system vulner­ability notifi­cation
In the form of an alert

Root Level Intrusion

Unauth­orized "­Pri­vil­ege­d" access to a DoD system

User Level Intrusion

Unauth­orized "­Non­-pr­ivi­leg­ed" access to a DoD system
Example: If the system is compro­mised w/ malcious code that provides remote intera­ctive control


Seeks to gather inform­ation from DoD systems, applic­ations, networks, and users
Inform­ation can be used to formulate an attack
Does not directly result in compromise

Explained Anomaly

Suspicious events that after further invest­igation are deemed "­non­-ma­lic­iou­s"
Detere­mined to be non-ma­licious and don't fit any other category


A possible intrusion by a third party


A known possible exploi­tation


Announ­cement of a computer applic­ation software or operating system vulner­ability notifi­cation
In the form of a bulletin


Inform­ation Assurance Vulner­ability Bulletin (IAVB)


Inform­ation Assurance Vulner­ability Alert (IAVA)


Evaluation of Technical & Non-Te­chnical Security features of an I.S.
Incorp­ora­ting: 1. Protec­tion, 2. Detection, 3. Reaction Capabi­lities

Malicious Logic

Instal­lation of software designed and/or deployed by advers­aries for malicious intentions
For the purpose of gaining access to resources or inform­ation w/o consent or knowledge of the user

Unsucc­essful Activity Attempt

Deliberate attempts to gain unauth­orized access to a DoD system
Attempts are defeated by normal defensive mechanisms


Assurance of the identity of a message sender or receiver


Preventing inform­ation from modifi­cation by unauth­orized parties or in unauth­orized manners

5 Attributes of IA



Events that are potent­ially malicious or anomalous activity deemed suspicious and warrant, or are undergoing further review
Will be re-cat­ego­rized to approp­riate Category 1-7 or 9 prior to closure

Non-Co­mpl­iance Activity

Activity that potent­ially exposes DoD systems to increased risks
Due to the the Action or Inaction of authorized users

Denial of Service

Activity that "­Denies, Degrades, or Disrup­ts" normal functi­onality of system or network


The sender of data is provided w/ Proof of Delivery
The recipient is provided w/ proof of the sender's identity
Neither can later deny having processed the data

Computer Tasking Order (CTO)

When a computer completes all tasks assigned


Timely, Reliable access to data and Info Systems by authorized users

Inform­ation Assurance Manager (IAM)

1. Establ­ishing, Implem­enting and Mainta­ining the DoD IA program
2. Docume­nting the IA program through the DoD IA & C&A process


Protecting inform­ation from Unauth­orized Persons, Processes, or Devices


Official Management Decision
Decision to operate an I.S. in a specified Enviro­nment


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          More Cheat Sheets by weatherman22