107.1 Define the following terms: IA; DCO; OCO
- IA Information Assurance is measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
- DCO Defensive Cyberspace Operations. Passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems.
- OCO Offensive Cyberspace Operations. Cyberspace operations intended to project power by the application of force in or through cyberspace.
107.2 Define the following: Certification; Accredidation; NAO; System Security Plan; ATO; IATO; Configuration Management
a. Certification – The comprehensive evaluation of the technical and non-technical security features of an IS and other safeguards, made as part of and in support of the accreditation process, to establish the extent to which a particular design and implementation meet a specified set of security requirements.
b. Accreditation – Process in which certification of competency, authority, or credibility is presented. The accreditation process ensures that their certification practices are acceptable, typically meaning that they are competent to test and certify third parties, behave ethically and employ suitable quality assurance.
c. DAA NAO – The Navy Authorizing Official (formerly the DAA) is responsible for authorizing the system’s operation based on achieving and maintaining an acceptable risk posture
d. System Security Plan – Provides an overview of the security requirements of the system and describe the controls in place or planned, responsibilities and expected behavior of all individuals who access the system.
e. ATO Authority to Operate – The official management decision to authorize operation of an information system and to explicitly accept the residual risk to agency operations, agency assets, or individuals.
f. IATO Interim Authority to Operate - Temporary authorization granted by a DAA for an information system to process information based on preliminary results of a security evaluation of the system. (To be replaced by ATO and POA&M).
g. Configuration Management – Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an IS.
107.3 Discuss security procedures involved when performing cross-domain transfers.
- Life-cycle security management of cross domain security configurations is required. In non-enterprise operating environments, the target Regional or Point-to-Point CDS hosting environment must identify (appoint in writing) individual(s) responsible to oversee the day-to-day security management, configuration, and established information transfer processes. This (or these) individual(s) are responsible for reporting security incidents to the local/site Information Assurance Manager.
107.4 Discuss risk management.
- Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system.
107.5 Define the five attributes of Cyber Security:
a. Confidentiality – Assurance that information is not disclosed to unauthorized individual, processes or devices.
b. Integrity – Assurance that information is not modified by unauthorized parties or in an unauthorized manner
c. Availability – Assurance of timely, reliable access to data and information systems by authorized users.
d. Non-repudiation – Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.
e. Authentication – Assurance of the users identity. Designed to establish the validity of a transmission, message, or originator, or means of verifying an individual’s authorization to receive specific categories of information.
107.6 List and define 9 categories of computer incidents:
- Root Level Intrusion (Incident)
- User Level Intrusion (Incident)
- Denial of Service (Incident)
- Malicious Logic (Incident)
- Unsuccessful Activity Attempt (Event)
- Non-Compliance Activity (Event)
- Reconnaissance (Event)
- Investigating (Event)
- Explained Anomaly (Event)
107.7 Describe the DoN World Wide Web Security Policy.
- All information, graphics, and photos posted on publicly accessible DON Web Sites must be carefully reviewed to ensure they meet the standards and requirements as published herein, including Operations Security (OPSEC) considerations.
107.8 Define the following: IAVA; IAVB; CTO; NTD; Service Pack; Patch
a. IAVA – Information Assurance Vulnerability Alert. Addresses severe network vulnerabilities resulting in immediate and potentially severe threats.
b. IAVB – Information Assurance Vulnerability Bulletin. Addresses new vulnerabilities that do not pose an immediate risk.
c. CTO – Computer Tasking Order. A formal tasking order that contains detailed guidance and missions for each component to accomplish
d. NTD - Navy Telecommunications Directive. A widely disseminated Naval Message giving an order or direction about a certain IT function that needs to be complied with.
e. NIA/NIB/OIA/OIB Service Pack - A collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable package.
f. Patch A fix for a vulnerability or operational enhancement
107.9 Define vulnerability assessment.
- An examination of the ability of a system or application, including current security procedures and controls, to withstand assault.
107.10 Explain the difference between vulnerability and threat.
- Vulnerability - Refers to a weakness in a system’s security scheme, which may include system security procedures, internal controls, or implementation.
- Threat - Circumstances, events, or people with the potential to cause harm to a system.
107.11 State the duties and responsibilities of the ISSM and ISSO.
- ISSM - Information System Security Manager. The principal advisor on all matters, technical and otherwise, involving the security of IS under purview. Ensures physical and environmental protection, personnel security incidents handling, security training and awareness. Monitors a system and its environment of operation to include developing and updating the System Security Plan (SSP) or changes thereof.
- ISSO - Information System Security Officer. Supports the ISSM in efforts to implement security requirements as mandated NISP and DAA. Configures and manages IS configurations.
107.12 Explain CSWF Specialty Codes and responsibilities.
- CSWF - Cyber Security Work Force.
- Codes: found on TWMMS for CSWF personnel, identifies specialties or sub-specialties the member is trained for. Examples: 21 – code for Digital Forensics, 72 – code for ISSO, 53 – code for incident response, 44 – code for Network Services.
- Responsibilities: Command managers must ensure that command have the proper number and qualification of CSWF personnel to accomplish the missions of the command. If changes are required the authoritative manpower database request must be filed with justifications in TWMS.
107.13 Discuss the role and responsibilities of Navy Red and Blue teams.
- Red Team performs penetration testing of systems / network / sites to identify vulnerabilities to be fixed. This team acts as a hostile external force, albeit one with knowledge of the systems capabilities of which they are attacking. The attack People / Process / and Technology using specialized tactics, techniques and procedures.
- Blue Team performs detection and hardening of systems / networks / sites to pre-empt attack vectors. This team acts as the defensive internal force searching for and eliminating vulnerabilities that are the proverbial ‘needle in the haystack’.
107.14 Define CCRI CCORI and NAVIFOR’s role during the process.
- CCORI - Command Cyber Operational Readiness Inspection (formerly Command Cyber Readiness Inspection)
- A graded event by FLTCYBERCOM to evaluate the overall security of the command to include physical, technical and administrative. NAVIFOR Naval Information Forces is the TYCOM for cryptology / SIGINT, cyber, electronic warfare, information operations, intelligence, networks and space disciplines. They perform roles in manpower, training, modernization and maintenance. They perform coordination efforts with the command being inspected in a CCRI.
107.15 Explain what constitutes PII and the importance of safeguarding.
- Personally Identifiable Information. Any info that could potentially identify a specific person, deanonymizing. Examples: SSN, last 4 digits of SSN, home address, age, marital status, race, salary, home phone numbers, biometric info, medical, financial info, driver’s license, Gov license. Importance of safeguarding: significantly reduces identity theft and other illegal activities.
107.16 Explain why the U.S. Navy only uses “.mil” email addresses on government systems.
- The Navy uses .MIL for its e-mail addresses because the U.S. Department of Defense has exclusive use of this domain.
