Cybersecurity Flashcards Preview

Flashcards in Cybersecurity Deck (49)

RMF Step 1: Categorize

In this step
-Selecting a baseline of security controls for protecting the information system and the organization
-Uses the three security objectives (confidentiality, integrity, and availability) with one impact value (low, moderate, or high) for each of the security objectives
-Initiates the System Security Plan (SSP) to document the categorization of the system
-Registers the system with the DoD Component Cybersecurity Program


What does DoD IT entail?

All DoD-owned IT or DoD-controlled IT that receives, processes, stores, displays, or transmits DoD information


What IT regulations apply to SAP?



What is Reciprocity?

-Common processes, security controls, testing activities and outcomes, as well as a common lexicon among organizations

-Reduce costs related to the activities associated with system authorization.


What groups does DoD use to categorize IT?

Information Systems
Platform IT
IT products
IT services


RMF Step 2: Select Security Controls

In this step
-Security and common controls are identified and selected (Security Control Baseline)
-Overlays are selected and applied
-Controls are tailored, as needed
-System-level continuous monitoring (CONMON) strategy developed, reviewed and approved internally
-SSP is developed, reviewed and approved internally


What are common controls?

Controls inherited from the hosting environment (physical, personnel) that are typically controlled by personnel outside of the cyber team. Example: Ensuring the facility the network is housed in has emergency lighting and exits.


RMF Step 3: Implement Controls

In this step
-Controls implemented consistent with the SSP and DoD policy (critically important step that can affect the security and risk of the entire organization)
-SSP updated


RMF Step 4: Assess Controls

In this step
-Security Assessment plan developed
-Self assessment conducted to determine if controls are implemented correctly, operating as intended and producing the desired outcome
-Remediation actions, as necessary, based on findings
-SSP revised
-Security Control Assessor (SCA) develops, reviews and approves a plan to assess the security controls
-Authorizing Official (AO) approves the Security Assessment Plan


RMF Step 5: Authorize System

In this step
-Preliminary review of the documentation by the Security Controls Assessor (SCA)
-Plan of Action and Milestones (POAM) created by the SCA to document any vulnerabilities in the system and a plan and timeline to mitigate each vulnerability
-SCA prepares a Security Assessment Report (SAR) and makes an authorization recommendation, but the ultimate authorization decision must be issued by the AO
-AO reviews the security authorization package (all paperwork) and issues an Approval to Operate (ATO) or Denial of Approval to Operate (DATO)


Security Assessment Report (SAR)

Provides authorizing officials with the information needed for understanding the current security state of the organization's information systems and supporting infrastructure and the current risk posture of the system and therefore the organization


RMF Step 6: Monitor Controls

In this step
-Ensure system is operating at an acceptable level of risk to maintain its authorization
-Periodic self assessments conducted as part of continuous monitoring (CONMON)
-Periodic system assessments by DCSA
-Ensure security-relevant changes trigger a full reassessment of the system, after which the AO must reauthorize the system
-Reassessment and reauthorization upon expiration of the ATO (typically 3 yrs from the date of issuance)
-Analyze and document any proposed or actual changes to the information system identified through continuous monitoring


What is the objective of Continuous Monitoring?

To determine if the security controls in the information system continue to be effective over time in light of the inevitable changes to hardware, software and firmware that occur in the system, as well as changes in the environment in which the system operates


Email Phishing Indicators

-Bad grammar, misspellings and/or generic greetings
-Maliciously crafted attachments with varying file extensions, or links to a malicious website
-Appear to be from a position of authority or legitimate company: your employer, bank or credit card company, online payment provider or government organization


Examples of types of information adversaries target

-Sensitive company documents and proprietary information
-Export controlled/classified information and technology
-Information on DoD-funded contracts
-Sensitive technological specification documents
-User login IDs and passwords
-Personal Identifying Information (SSN, date of birth, address)
-Contact rosters and phone directories


Targeted Technology and Information Threats

Cyber Criminals
Organized Crime
Foreign Intelligence Entities


Most Targeted Technologies

-Information systems
-Aeronautics, including technology related to unmanned aerial vehicles (UAVs)
-Lasers and optics
-Marine systems, positioning, navigation and time
-Militarily Critical Technologies List (MCTL) technology


What is malicious code?

Software that does damage and/or creates unwanted behaviors


Examples of malicious code

Trojan horses


Examples of vessels of malicious code

E-mail attachments
Removable media
Downloaded files
Infected websites


Counters against malicious code in emails

-View e-mail messages in plain text
-Do not view e-mail using the preview pane
-Use caution when opening e-mail
-Scan all attachments
-Delete e-mail from senders you do not know
-Turn off automatic downloading


Counters against malicious code in websites

-Block malicious links / IP addresses
-Block all unnecessary ports at the Firewall and Host
-Disable unused protocols and services
-Stay current with all operating system service packs and software patches


Best philosophy for creating passwords?

-Change passwords frequently
-Combination of numbers, letters and special characters


Indicators of weak passwords

-Words found in the dictionary
-Readily available information significant to you (names, dates, cities, etc.)
-Lack of character diversity (e.g., all lowercase letters)


Countermeasures for password compromise

-Combine letters, numbers and special characters
-Do not use personal information
-Do not use common phrases or words
-Do not write down your password, memorize it
-Change password according to your organization’s policy
-Enforce account lockout for end-user accounts after a set number of retry attempts
-Do not save your passwords or login credentials


Reportable cyber activity subject to punitive action

-Actual or attempted unauthorized access into U.S. automated information systems and unauthorized transmissions of classified or controlled unclassified information
-Password cracking, key logging, encryption cracking, steganography, privilege escalation or account masquerading
-Network spillage incidents or information compromise
-Use of DoD account credentials by unauthorized parties
-Tampering with or introducing unauthorized elements into information systems
-Unauthorized downloads or uploads of sensitive data
-Unauthorized use of Universal Serial Bus, removable media or other transfer devices
-Downloading or installing non-approved computer applications
-Unauthorized network access
-Unauthorized e-mail traffic to foreign destinations


Reportable cyber activity not subject to punitive action

-Denial of service attacks or suspicious network communications failures
-Excessive and abnormal intranet browsing beyond the individual's duties and responsibilities of internal file servers or other networked system contents
-Any credible anomaly, finding, observation or indicator associated with other activity or behavior that may also be an indicator of terrorism or espionage
-Data exfiltrated to unauthorized domains
-Unexplained storage of encrypted data
-Unexplained user accounts
-Hacking or cracking activities
-Social engineering, electronic elicitation, e-mail spoofing or spear phishing
-Malicious codes or blended threats such as viruses, worms, trojans, logic bombs, malware, spyware or browser hijackers


Examples of cyber intrusion

-Port and services scanning from consistent or constant addresses
-Hacking into the system
-Placing malware hacking tools into the system
-Passive efforts (e.g., unsolicited emails containing malware or internet sites that entice users to download files that contain embedded malware)
-Exploitation of knowledgeable


Contractors must report cyber intrusions against classified information systems that indicate:

Subversive activity


Why does software need to be patched and updated regularly?

To fix vulnerabilities that would otherwise give adversaries opportunities to access information systems