Show Menu

EIDWS - INFORMATION ASSURANCE Cheat Sheet by

eidws

CCRI

Command Cyber Readiness Inspection
Formal inspection process which holds commanders accoun­table for their IA

Define IA

Protecting & Defending Data
Ensuring: 1. Availa­bility, 2. Integrity, 3. Authen­tic­ation, 4. Confid­ent­iality, 5. Non-Re­pud­iation
Incorp­ora­ting: 1. Protec­tion, 2. Detection, 3. Reaction Capabi­lities

DAO

Designated Approving Authority

Config­uration Management

1. Identi­fies, 2. Controls, 3. Accounts For, 4. Audits
In reference to a site or Inform­ation System (I.S.)
Occurs during: 1. Design, 2. Develo­pment, 3. Operat­ional Lifecycle

9 Categories of Computer Incidents

1. Root Level Intrusion (incident)
2. User Level Intrusion (incident)
3. Unsucc­essful Activity Attempt (event)
4. Denial of Service (incident)
5. Non-Co­mpl­iance Activity (event)
6. Reconn­ais­ssance (event)
7. Malicious Logic (event)
8. Invest­igating (event)
9. Explained Anomaly (event)

DoN WWW Security Policy

Threats to the security of Navy and Marine Corps operations
Threats to the safety of DoN personnel and their families
Attacks in the form of: 1. Computer Systems, 2. Terrorist Attacks, 3. Identity Theft
Balancing public inform­ation with OPSEC, Privacy Inform­ation, INFOSEC, and Personal Safety

NTD

Navy Teleco­mmu­nic­ations Directive
 

Service Patch

Software Package containing several updates or an App or OS

Designated Approving Authority

Upper Level Manager
Respon­sible for determ­ining Accepted Level of Risks
Determines if system meets Accred­itation criteria

Cross-­domain Xfer Security Procedures

Goal: Limit Risks when transf­erring Data
Risks: 1. Careless Methods, 2. Shortcuts, 3. Untrained Users
These risks compromise sensitive & classified inform­ation

Root Level Intrusion

Unauth­orized "­Pri­vil­ege­d" access to a DoD system

User Level Intrusion

Unauth­orized "­Non­-pr­ivi­leg­ed" access to a DoD system
Example: If the system is compro­mised w/ malcious code that provides remote intera­ctive control

Reconn­ais­sance

Seeks to gather inform­ation from DoD systems, applic­ations, networks, and users
Inform­ation can be used to formulate an attack
Does not directly result in compromise

Explained Anomaly

Suspicious events that after further invest­igation are deemed "­non­-ma­lic­iou­s"
Detere­mined to be non-ma­licious and don't fit any other category

IAVA

Announ­cement of a computer applic­ation software or operating system vulner­ability notifi­cation
In the form of an alert
 

Vulner­ability

A known possible exploi­tation

Threat

A possible intrusion by a third party

Certif­ication

Evaluation of Technical & Non-Te­chnical Security features of an I.S.
Incorp­ora­ting: 1. Protec­tion, 2. Detection, 3. Reaction Capabi­lities

5 Attributes of IA

Confid­ent­iality
Integrity
Availa­bility
Non-re­pud­iation
Authen­tic­ation

Integrity

Preventing inform­ation from modifi­cation by unauth­orized parties or in unauth­orized manners

Authen­tic­ation

Assurance of the identity of a message sender or receiver

Unsucc­essful Activity Attempt

Deliberate attempts to gain unauth­orized access to a DoD system
Attempts are defeated by normal defensive mechanisms

Malicious Logic

Instal­lation of software designed and/or deployed by advers­aries for malicious intentions
For the purpose of gaining access to resources or inform­ation w/o consent or knowledge of the user

Alert

Inform­ation Assurance Vulner­ability Alert (IAVA)

Bulletin

Inform­ation Assurance Vulner­ability Bulletin (IAVB)

IAVB

Announ­cement of a computer applic­ation software or operating system vulner­ability notifi­cation
In the form of a bulletin
 

Inform­ation Assurance Manager (IAM)

1. Establ­ishing, Implem­enting and Mainta­ining the DoD IA program
2. Docume­nting the IA program through the DoD IA & C&A process

Accred­itation

Official Management Decision
Decision to operate an I.S. in a specified Enviro­nment

Confid­ent­iality

Protecting inform­ation from Unauth­orized Persons, Processes, or Devices

Availa­bility

Timely, Reliable access to data and Info Systems by authorized users

Non-Re­pud­iation

The sender of data is provided w/ Proof of Delivery
The recipient is provided w/ proof of the sender's identity
Neither can later deny having processed the data

Denial of Service

Activity that "­Denies, Degrades, or Disrup­ts" normal functi­onality of system or network

Non-Co­mpl­iance Activity

Activity that potent­ially exposes DoD systems to increased risks
Due to the the Action or Inaction of authorized users

Invest­igating

Events that are potent­ially malicious or anomalous activity deemed suspicious and warrant, or are undergoing further review
Will be re-cat­ego­rized to approp­riate Category 1-7 or 9 prior to closure

Computer Tasking Order (CTO)

When a computer completes all tasks assigned

Download the EIDWS - INFORMATION ASSURANCE Cheat Sheet

2 Pages
//media.cheatography.com/storage/thumb/weatherman22_eidws-information-assurance.750.jpg

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!

 

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          More Cheat Sheets by weatherman22