1.3-5 Information Security

Question 1

Physical Security

Answer 1

Storage Containers
At a minimum, any classified material shall be physically stored.
Secret - Continuous protection, inspected every 4 hours, or an intrusion detection system
Top Secret - Continuous protection, inspected every 2 hours, cypher lock

Question 2

Information Security (INFOSEC)

Answer 2

System of policies, procedures, and requirements established to protect information.

Question 3

Communications Security (COMSEC)

Answer 3

Protective measures taken to deny unauthorized persons information derived from telecommunications related to national security AND ensure the authenticity of such communications.

Question 4

Operational Security (OPSEC)

Answer 4

Protect sensitive but unclassified information to ensure the success of a mission, operation, or activity.
Formal program that identifies and protects sensitive but unclassified information that ensures mission success.

Question 5

Command Security Management

Answer 5

CO is responsible for the effective management of the Information Security Program (ISP) within the command

Question 6

Security Manager

Answer 6

Principal advisor to the CO in all matters pertaining to classification, safeguarding, transmission and destruction of classified material

Question 7

River City

Answer 7

Provides procedures to continuously control communication paths to/from ship/shore systems for the purpose of OPSEC and FPCON

Question 8

Electronic Key Management System (EKMS)

Answer 8

Designed to automate the management of electronic key and other types of COMSEC material

Question 9

EKMS Manager

Answer 9

Responsible for all actions associated with the receipt, handling, issue, safeguarding, accounting, and disposition of COMSEC material assigned to an EKMS account.
Reports to COMMO

Question 10

Types of Cyber Incidents

Answer 10

Negligent Discharge of Cyber Material
Cross-Domain Violation
Cyber Event
Cyber Incident

Question 11

Negligent Discharge of Cyber Material

Answer 11

Information released above the classification of the computer

Question 12

Cross-Domain Violation

Answer 12

Connecting a computer to a network that is of a different classification

Question 13

Cyber Event

Answer 13

Attempt to conduct malicious cyber attack at a command

Question 14

Cyber Incident

Answer 14

Series of coordinated events designed to maliciously attack a command or the DoD

Question 15

Unintentional Threats

Answer 15

Ignorance of users
Bad habits
Forgetting to update network security patches

Question 16

Intentional Threats

Answer 16

Hacker/Hacktivists
Insider threat
State Sponsored Attack
Terrorist
Cyber Criminals
Curious people
Malicious Code
Social Engineering