EIWS COMMON CORE (107 Information Assurance)

107.1 Define IA
Information Assurance: Information Operations that protect and defend data and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
107.2 Define the following
a. Certification [ref. b and f]: Comprehensive evaluation of the technical and non-technical security features of an information system by incorporating protection, detection, and reaction capabilities.
b. Accreditation [ref. b and f]: The official management decision to operate an information system in a specified environment.
c. DAO [ref. c and f]: Designated Approving Authority: Upper-level manager responsible for determining a system's acceptable level of residual risk; determines whether the system meets accreditation criteria.
d. System Security Plan [ref. a and f]: Describe how the security of the system will be managed. State the purpose or mission and scope of the system. Identify the projects the system supports.
e. ATO [ref. e and f]: Authority to Operate: Authority to operate a DOD IS. NIPRNET: 24 months; SIPRNET: 12 months.
f. IATO [ref. e and f]: Interim Approval to Operate: Authority to operate a DOD IS with known security weaknesses. Cannot last longer than 180 days/6 months. Must have an approved POA&M.
g. Configuration Management [ref. a]: Identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle.
107.3 Discuss security procedures involved when performing cross-domain transfers
Data-transfer procedures must mitigate the risks associated with all aspects of this activity. Careless methods, shortcuts, and untrained users can compromise sensitive and classified information vital to national security and operational processes.
107.4 Discuss risk management
Risk Management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations' missions.
107.5 Define the five attributes of IA
a. Confidentiality: Assurance that information is not disclosed to unauthorized persons, processes, or devices.
b. Integrity: Assurance that information is not modified by unauthorized parties or in an unauthorized manner.
c. Availability: Assurance of timely, reliable access to data and information systems by authorized users.
d. Non-repudiation: Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
e. Authentication: Assurance of the identity of a message sender or receiver.
107.6 List and define 9 categories of computer incidents
Category 1: Root Level Intrusion (Incident): Unauthorized privileged access to a DoD system.
Category 2: User Level Intrusion (Incident): Unauthorized non-privileged access to a DoD system. If the system is compromised with malicious code that provides remote interactive control, it will be reported in this category.
Category 3: Unsuccessful Activity Attempt (Event): Deliberate attempts to gain unauthorized access to a DoD system that are defeated by normal defensive mechanisms.
Category 4: Denial of Service (Incident): Activity that denies, degrades, or disrupts normal functionality of system or network.
Category 5: Non-Compliance Activity (Event): Activity that potentially exposes DoD systems to increased risk as a result of the action or inaction of authorized users (e.g., failure to make a proper password).
Category 6: Reconnaissance (Event): Activity that seeks to gather information used to characterize DoD systems, applications, networks, and users that may be useful in formulating an attack. This activity does not directly result in a compromise.
Category 7: Malicious Logic (Event): Installation of software designed and/or deployed by adversaries with malicious intentions for the purpose of gaining access to resources or information without the consent or knowledge of the user.
Category 8: Investigating (Event): Events that are potentially malicious or anomalous activity deemed suspicious and that warrant, or are undergoing, further review. Category 8 will be re-categorized to the appropriate Category 1-7 or 9 prior to closure.
Category 9: Explained Anomaly (Event): Suspicious events that, after further investigation, are determined to be non-malicious activity and do not fit the criteria for any other categories.
107.7 Describe the DoN World Wide Web Security Policy
Threats to the security of Navy and Marine Corps operations and the safety of DON personnel and their families come in the form of attacks on computer systems, terrorist attacks on units or personnel, and identity theft. The need to provide public information to the Navy's and Marine Corps' various audiences must be balanced with the need to protect operational security, privacy of information, information security, and personal safety.
107.8 Define the following
a. IAVA: Information Assurance Vulnerability Alert: An announcement of a computer application software or operating system vulnerability notification in the form of an alert.
b. IAVB: Information Assurance Vulnerability Bulletin: An announcement of a computer application software or operating system vulnerability notification in the form of a bulletin.
c. CTO: Computer Tasking Order - a means by which a computer system completes all taskings assigned.
d. NTD: Navy Telecommunications Directive
e. Service Patch: A software package that contains several updates for an application or operating system.
107.9 Define vulnerability assessment
The testing of a network to find vulnerabilities so that the necessary corrections can be identified and made.
107.10 Explain the difference between vulnerability and threat
A vulnerability is a known possible exploitation, whereas a threat is a possible intrusion by a third party.
107.11 State the duties and responsibilities of the IAM
The Information Assurance Manager is responsible for establishing, implementing, and maintaining the DoD information system IA program, and for documenting the IA program through the DoD IA C&A process.
107.12 Define CCRI
Command Cyber Readiness Inspection: Formal inspection process that holds commanders accountable for their respective security posture.
107.13 State NAVCYBERFOR's role in a CCRI
To organize and prioritize training, modernization, and maintenance requirements and capabilities of command and control architecture/networks, cryptologic and space-related systems, and intelligence and information operations activities, and to coordinate with Type Commanders to deliver interoperable, relevant, and ready forces at the right time at the best cost.