Cybersecurity Flashcards

Question

Cybersecurity Concepts

Answer 1

* Information Assurance Attributes * System Categorization * Assessment and Authorization Process * Data Spills * Disposal of Computer Media * Non-Traditional Work Environments * Processing Requirements for Specific Types of Information * New Technology and Equipment * Social Networking Services * Compilation and Data Aggregation * Marking Requirements for Electronic Information * Position Sensitivity Designation/Personnel Security Investigative Standards * Cybersecurity Policy

Answer 2

- In order to put the policies into action, you must be able to identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information. - Need to be able to explain your role in protecting DoD’s information systems and the information they process, transmit, and store.

Answer 3

Answer = All Confidentiality (correct response)  Integrity (correct response)  Availability (correct response)  Authentication (correct response)  Non-repudiation (correct response)

Answer 4

To uphold all elements of the National Industrial Security Program Operating Manual Answer =  To appropriately manage risk by mitigating threats and vulnerabilities  To examine your own actions and activities to uphold personal accountability  To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it

Answer 5

Answer = All NIST 800-30 Rev 1, Guide for Conducting Risk Assessments  DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations  DoD 8510.01, Risk Management Framework  DoD 8500.01, Cybersecurity  DoD Security Policy

Answer 6

Protect information systems. Answer 1 =  Identify all cybersecurity concepts.  Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information. Answer 2 =  Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.

Answer 7

- Protect classified information and controlled unclassified information. - Have proactive and continuous engagement and collaboration between security, information technology (IT), and cybersecurity personnel, at all organizational levels. - Manage threats, minimize vulnerabilities, use appropriate countermeasures, and respond to incidents swiftly and appropriately.

Answer 8

- Monitors, evaluates, and provides advice to the Secretary of Defense regarding all DoD cybersecurity activities and oversees implementation of this cybersecurity. - Develops and establishes DoD cybersecurity policy and guidance consistent with this instruction and in accordance with applicable federal law and regulations.

Answer 9

- Overall responsibility of directing the operation of and assuring the security of the global DoD network environment. - Leads the day-to-day defense and protection of the DoD networks and coordinates all DoD network operations. - Provides full spectrum support to military and counterterrorism mission.

Answer 10

Component and activity-level, you need to be aware of other cybersecurity staff as well, such as the - Authorizing Official (AO) - Personnel Security Specialist - Physical Security Specialist - Information Security Specialist - Industrial Security Specialist - Security Specialist - Security Officer - Risk Executive Function

Answer 11

- Analyze and manage risk - Counsel stakeholders on security-related concerns, issues, and challenges. - Support risk assessment and management. - Execute security awareness training and education requirements and respond to security incidents. - Accountable for cyber command readiness, in information security, personnel security, physical security, counterintelligence, and vulnerabilities assessment and management.

Answer 12

Monitor, evaluate, and provide advice to the Secretary of Defense Answer =  Protect classified information and controlled unclassified information  Direct the operation of and assure the security of the global DoD network  Coordinate all DoD network operations

Answer 13

 Analyze duties Answer =  Manage risk  Execute training  Respond to incident

Answer 14

Risk Assessment Mitigation Evaluation

Answer 15

- Provides overarching methodology to follow when managing risks. - Consists of assessment, mitigation, and evaluation (in that order). - Be aware of risk impacts - Reassess constantly as new solutions are deployed.

Answer 16

- Determines the extent of the threat and risk associated with the information system. - Used to identify security controls to decrease the risk. - Security personnel identify and evaluate risks, risk impacts, and countermeasures. - Revisit risk assessment as you move through the other phases of risk management.

Answer 17

- Prioritize, implement, and maintain risk-reducing measures. - Implement the most appropriate controls. - Accept the risk by simply continuing to operate the information system. - Avoid the risk by eliminating the risk cause and/or the consequence. - Limit the risk by implementing controls to minimize the adverse impact of a threat exploiting a vulnerability.

Answer 18

Risk evaluation is essential to the risk management process. It is the continual process of assessing and mitigating risk. Then purpose of evaluation is to ensure that as changes occur, you are reviewing and ensuring that new risks have not arisen

Answer 19

* Step 1 is Categorize System * Step 2 is Select Security Controls * Step 3 is Implement Security Controls * Step 4 is Assess Security Controls * Step 5 is Authorize System * Step 6 is Monitor Security Controls

Answer 20

- Integrated enterprise-wide decision structure for cybersecurity risk management. - Includes and integrates DoD mission areas. - Facilitates reciprocity among federal agencies. - Used to assess and authorize information systems. - Can help prevent issues and manage all information systems.

Answer 21

Revision  Analysis Answer 1 =  Evaluation Answer 2 =  Assessment Answer 3 =  Mitigation

Answer 22

Answer = All Monitor Security Controls  Categorize System  Authorize System  Assess Security Controls  Select Security Controls  Implement Security Controls

Answer 23

This step corresponds to assessment in the risk management system. - Know how to assess threats to your information technology (IT) infrastructure * Threats are a potential activity that may contribute to the risks associated with operating an information system, or IS – controlled or uncontrolled, intentional or unintentional. - Know how to spot vulnerabilities to your IT program.

Answer 24

Adversarial Accidental Structural Environmental

Answer 25

Threat from an individual, group, organization, or nation-state seeking to exploit the organization’s dependence on cyber resources.

Answer 26

Unintentional threats made by a single user or privileged user or administrator when performing their everyday responsibilities.

Answer 27

Failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances.

Answer 28

Natural or man-made disasters, unusual natural events, or an infrastructure failure or outage.

Answer 29

Attempts by hackers to damage or destroy a computer network or system.

Answer 30

Malicious threats to an organization that come from people within the organization who have legitimate access to information concerning the organization’s security practices, data and computer systems.

Answer 31

Includes websites and applications that enable users to create and share content or to participate in social networking.

Answer 32

Technology that allows transmission of data, voice, and video via a computer or any other wireless enabled device without having to be connected to a physical link.

Answer 33

Constant changing threats and new technologies that leave the DoD vulnerable to attack. *Challenge = keeping up with new threats as new environments are created.

Answer 34

- Sniffing and Eavesdropping - Malicious Code and Malware - Denial of Service - Spoofing - Password Cracking - Social Engineering

Answer 35

Allows adversaries to tap into network traffic and capture packets.

Answer 36

Uses software to attack/damage computer systems and networks. Examples: viruses, worms, and Trojans

Answer 37

Saturates resources on systems or networks so that the network or computers cannot provide required services to users. Examples: teardrop attack, Smurf attack, and Distributed DOS (DDOS)

Answer 38

Uses false information to gain unauthorized access to resources. Examples: Forged IP addresses, Man-in-the-Middle attacks, and session hijacking attacks

Answer 39

Allows adversaries to derive passwords. Examples: dictionary attacks, brute force and easy-to-guess passwords

Answer 40

Manipulates people into divulging confidential information. Examples: pretexting/scenarios, phishing and dumpster diving. *Information found from dumpster diving can provide an attacker with information to hack into system

Answer 41

"There are many ways that cyber attackers can gain access. Adversaries use probing and scanning to ascertain information about services, vulnerabilities, and hosts on a network. Please note that not all threats are issues. You must evaluate the threats and then make appropriate decisions"

Answer 42

Threats take advantage of weaknesses—or vulnerabilities–to gain unauthorized access to our information or systems. Vulnerabilities include physical security, IS software and hardware, and people. As security personnel, you need to assess the ease, rewards, likelihood, related threats, and residual risk of vulnerabilities. Your goal as security personnel is to be aware of vulnerabilities so that you can coordinate the appropriate countermeasures to prevent exposure.

Answer 43

Vulnerability at the organization level.

Answer 44

Vulnerability at the mission/business process level.

Answer 45

Vulnerability at the information system level, which is where network vulnerabilities are categorized.

Answer 46

Answer = All Adversarial  Environmental  Structural  Accidental

Answer 47

Answer = All Residual risk  Ease  Likelihood  Related threats  Reward

Answer 48

Step 1 - Catagorization

Answer 49

Step 2 - Select Security Controls Step 3 - Implement Security Controls

Answer 50

- Common Control Identification - Security Baseline and Overlay Selection - Development of a Monitoring Strategy - Review and Approval of Security Plan and Continuous Monitoring Strategy

Answer 51

- Chief Information Officer (CIO) provides resources and guidance for selecting security controls. - Actual selection of controls performed by the Information Security Officer (ISO) and the Common Control Provider (CCP). - CIO approves the selections made by ISO and CCP.

Answer 52

- Identifies the baseline for the system based on impact levels. - Documented in the security plan. - Identifies overlays that apply to the information system (IS) or platform information technology (PIT) system.

Answer 53

- Defines how the continuing effectiveness of security controls will be evaluated. - Includes a plan for annually assessing the implemented security controls.

Answer 54

- DoD Components develop and implement the processes. - The Authorizing Official (AO) reviews the processes and decides whether to authorize the security plan and continuous monitoring.

Answer 55

Physical Personnel Procedural

Answer 56

Limits physical access to the information systems.

Answer 57

* Keeping information systems that process sensitive compartmented information (SCI) in a SCIF * Locking the server room doors * Securing workstations * Protecting portable devices such as laptops, tablets, and phones * Disabling drives * Protecting printers and waste

Answer 58

- Limits access to the information system (IS) to cleared personnel with a need-to-know. - Ensures IS users are aware of the policies associated with IS and their responsibilities to protect the information it contains.

Answer 59

* Implementing unique identification * Correlating actions to users * Maintaining user IDs * Deactivating user IDs that are no longer eligible for access or no longer need-to-know * Implementing authentication requirements

Answer 60

Organization-wide countermeasures for information systems (IS) put into place.

Answer 61

* Internal Detection Systems (IDS) firewalls * Encryption * Not permitting thumb drives

Answer 62

- Implement controls consistent with DoD Component Cybersecurity architectures and documented in the security plan. - Products must be configured in accordance with the applicable Security Technical Implementation Guides (STIGs) or Security Requirements Guide (SRGs). -Identify any controls available for inheritance. - Implement controls consistently with DoD architectures and standards, and employ system and software engineering methodologies, security principles, and secure coding techniques. - Proposed security design must be addressed in preliminary and critical design reviews. - Security plan is updated to describe and document the security control implementation. - Existing security controls are reviewed. If they do not pose a risk, then they are inherited into the new practice.

Answer 63

Assess Security Controls  Monitor Security Controls Answer 1 =  Select Security Controls  Authorize System Answer 2 =  Implement Security Controls  Categorize Syste

Answer 64

Answer = All Common Control Identification  Monitoring Strategy  Security Baseline and Overlay Selection  Security Plan and Review Approval

Answer 65

Communicate updates to appropriate audiences  Seek approvals from CIO  Create appropriate training and communication plans Answer 1 =  Ensure consistency with DoD architectures Answer 2 =  Document security control implementation in the security plan Answer 3 =  Identify security controls available for inheritanc

Answer 66

Step 4 -Assess Security Controls Step 5 - Authorize System Step 6 - Monitor Security Controls

Answer 67

- Compare the security controls to the security assessment plan and the DoD assessment procedures. - Record the security control compliance status. - Assign the vulnerability severity value for security controls. - Determine the risk level for security controls. - Assess and characterize the aggregate level of risk to the system.

Answer 68

Security Assessment Plans are developed, reviewed, and approved by... - Ensuring security assessment activities are coordinated. - Reviewing interoperability and supportability certification efforts, Developmental Test and Evaluation (DT&E) events, and Operational Test and Evaluation (OT&E) events. - Documenting the coordination of activities in the Security Assessment Plan. - Focus of the Security Assessment Plan is to maximize effectiveness, reuse, and efficiency.

Answer 69

- Compare the security controls to the security assessment plan and the DoD assessment procedures. - Record the security control compliance status. - Assign the vulnerability severity value for security controls. - Determine the risk level for security controls. - Assess and characterize the aggregate level of risk to the system. How do you determine the risk level for security controls? You do this by using SCA’s determination that a credible or validated threat source and event exists. Consider the vulnerability severity level and pre-disposing conditions as well as the cybersecurity attributes and all impact levels related to the control. SCA’s consider the impact of a successful threat event.

Answer 70

- Documents issues, findings, and recommendations from the security control assessment. - The Security Controls Assessor (SCA) prepares the SAR. - The SAR is required for an authorization decision.

Answer 71

When you conduct remediation actions on NC security controls, you base your findings and recommendations on the SAR. You will also reassess remediated controls

Answer 72

Security authorization package is submitted and consists of the... - Plan of Action and Milestones (POA&M) - Security plan - Security Assessment Report (SAR) The Authorizing Official (AO) issues an authorizing decision. *The AO may have feedback that requires revision of the security authorization package, which must then be resubmitted to the AO for review and final acceptance.

Answer 73

- Impact of changes to the system and environment are determined - Selected security controls are assessed according to the continuous monitoring strategy - Remediation actions are taken - Security plan, Security Assessment Report, and POA&M are updated as necessary - Security status is reported to Authorizing Official (AO) who reviews the status reports * System decommissioning strategy is implemented when needed.

Answer 74

The information system owner... - Continuously monitors the system or information environment. - Periodically assesses the quality of security controls. - Reports any significant change in the security posture of the system.

Answer 75

- A selected subset of controls must be assessed in accordance with the continuous monitoring strategy. - The assessor must create a written and signed Security Assessment Report (SAR) that indicates the results of the assessment. - The Authorizing Official must review the SAR.

Answer 76

Remediation actions are based on ongoing... - Monitoring activities - Assessment of risk - Outstanding items in the POA&M.

Answer 77

- The security plan, SAR, and POA&M must be kept up-to-date. - Updates result from changes due to system-level continuous monitoring. - The Program Manager (PM) and/or Security Manager (SM) perform all primary activities.

Answer 78

- Is reported to the Authorizing Official (AO). | - Must include the effectiveness of security controls employed within and inherited by the system.

Answer 79

During continuous monitoring, the AO reviews the reported status. The AO review includes the effectiveness of security controls employed within and inherited by the system.

Answer 80

If a system is no longer necessary, the decommissioning strategy is implemented. The information system (IS) owner executes the actions outlined in the decommissioning strategy in the security plan. When a system is removed from operation... - Assess the impact on control inheritance relationships - Update security plan to reflect decommissioned status - Dispose of artifacts and supporting documentation according to sensitivity or classification - Review data or objects that support DoD information enterprise

Answer 81

Answer 1 =  Select Security Controls Answer 2 =  Assess Security Controls Answer 3 =  Monitor Security Controls Answer 4 =  Authorize System  Categorize System  Implement Security Controls

Answer 82

 Prepare the Plan of Action and Milestones (POA&M)  Conduct final risk determination Answer 1 =  Develop, plan, and approve Security Assessment Plan Answer 2 =  Prepare Security Assessment Report (SAR)

Answer 83

 Implement decommissioning strategy  Develop, review, and approve Security Assessment Plan Answer 1 =  Prepare the Plan of Actions and Milestones (POA&M) Answer 2 =  Submit security authorization package

Answer 84

 Prepare the Plan of Actions and Milestones (POA&M)  Develop, review, and approve Security Assessment Plan Answer 1 =  Implement decommissioning strategy Answer 2 =  Determine impact of change

Answer 85

-Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information AND examine their role in protecting DoD’s information systems and the information they process, transmit, and store. Each of the cybersecurity attributes is susceptible to threats and vulnerabilities. Security personnel need to be aware of the attributes to ensure they are appropriately managing the risk across all areas.